From 764e88d4df29204be6ea2206cf753c56ec0f5b5f Mon Sep 17 00:00:00 2001 
From: Werner Koch Date: Thu, 14 Oct 2010 16:34:31 +0000 Subject: All tests work are again working --- agent/ChangeLog | 5 ++ agent/agent.h | 3 +- agent/command.c | 9 ++- agent/genkey.c | 16 ++-- doc/DETAILS | 13 +++ doc/gpg-agent.texi | 14 +++- doc/tools.texi | 11 +++ g10/ChangeLog | 9 +++ g10/call-agent.c | 8 +- g10/call-agent.h | 2 +- g10/keygen.c | 66 ++++++++++----- tests/openpgp/ChangeLog | 21 +++++ tests/openpgp/Makefile.am | 89 ++++++--------------- tests/openpgp/decrypt-dsa.test | 2 +- tests/openpgp/decrypt.test | 2 +- tests/openpgp/defs.inc | 57 +++++++++---- tests/openpgp/encrypt-dsa.test | 8 +- tests/openpgp/finish.test | 17 ++++ tests/openpgp/genkey1024.test | 13 ++- tests/openpgp/gpg-agent.conf.tmpl | 6 +- tests/openpgp/mkdemodirs | 2 +- tests/openpgp/multisig.test | 4 +- .../0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc | 12 +++ .../13FDB8809B17C5547779F9D205C45F47CE0217CE.asc | 17 ++++ .../343D8AF79796EE107D645A2787A9D9252F924E6F.asc | 17 ++++ .../50B2D4FA4122C212611048BC5FC31BD44393626E.asc | 21 +++++ .../76F7E2B35832976B50A27A282D9B87E44577EB66.asc | 21 +++++ .../7E201E28B6FEB2927B321F443205F4724EBE637E.asc | 18 +++++ .../8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc | 14 ++++ .../A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc | 20 +++++ .../FD692BD59D6640A84C8422573D469F84F3B98E53.asc | 15 ++++ tests/openpgp/seat.test | 2 +- tests/openpgp/signencrypt-dsa.test | 8 +- tests/openpgp/sigs-dsa.test | 9 +-- tests/openpgp/sigs.test | 2 +- tests/openpgp/version.test | 93 +++++++++++++++++++++- tools/ChangeLog | 2 + tools/gpg-connect-agent.c | 6 +- 38 files changed, 508 insertions(+), 146 deletions(-) create mode 100755 tests/openpgp/finish.test create mode 100644 tests/openpgp/privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc create mode 100644 tests/openpgp/privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc create mode 100644 tests/openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc create mode 100644 
tests/openpgp/privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc create mode 100644 tests/openpgp/privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc create mode 100644 tests/openpgp/privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc create mode 100644 tests/openpgp/privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc create mode 100644 tests/openpgp/privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc create mode 100644 tests/openpgp/privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 12a853281..91aab9e6d 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,8 @@ +2010-10-14 Werner Koch + + * command.c (cmd_genkey): Add option --no-protection. + * genkey.c (agent_genkey): Add arg NO_PROTECTION. + 2010-10-13 Werner Koch * call-pinentry.c (agent_get_passphrase): Support the close_button.
diff --git a/agent/agent.h b/agent/agent.h
index 7276e66c3..48511c565 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -293,7 +293,8 @@ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparmlen, membuf_t *outbuf); + const char *keyparam, size_t keyparmlen, + int no_protection, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/
diff --git a/agent/command.c b/agent/command.c
index 5444e1811..0a56f1218 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -806,7 +806,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) static const char hlp_genkey[] = - "GENKEY []\n" + "GENKEY [--no-protection] []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n"
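Review bot: The synopsis in `hlp_genkey` (agent/command.c, hunk at -806) now advertises `[--no-protection]`, but the hunk adds no sentence saying what the option does; the rest of the help string lies outside the hunk and is unchanged. Because the option makes the agent create a secret key without a passphrase, the help text should say so, for example with an added string line `"With --no-protection the key is stored without a passphrase.\n"`. Without it, someone reading the command help has to find the behaviour in genkey.c.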
@@ -824,12 +824,16 @@ cmd_genkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; + int no_protection; unsigned char *value; size_t valuelen; membuf_t outbuf; char *cache_nonce = NULL; char *p; + no_protection = has_option (line, "--no-protection"); + line = skip_options (line); + p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ;
@@ -844,7 +848,8 @@ cmd_genkey (assuan_context_t ctx, char *line) init_membuf (&outbuf, 512); - rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, &outbuf); + rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, + &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf);
diff --git a/agent/genkey.c b/agent/genkey.c
index 0a35643e5..7612f99da 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -352,10 +352,11 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, /* Generate a new keypair according to the parameters given in KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase - using the cache nonce. */ + using the cache nonce. If NO_PROTECTION is true the key will not + be protected by a passphrase. */ int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparamlen, + const char *keyparam, size_t keyparamlen, int no_protection, membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public;
@@ -372,8 +373,12 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, } /* Get the passphrase now, cause key generation may take a while. */ - passphrase = cache_nonce? agent_get_cache (cache_nonce, CACHE_MODE_NONCE):NULL; - if (passphrase) + if (no_protection || !cache_nonce) + passphrase = NULL; + else + passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); + + if (passphrase || no_protection) rc = 0; else rc = agent_ask_new_passphrase (ctrl,
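Review bot: In `agent_genkey` (agent/genkey.c, hunk at -372) `no_protection` skips both the cache lookup and `agent_ask_new_passphrase`, so the key is generated with a NULL passphrase on the word of whichever client sent `GENKEY --no-protection`, and nothing in this hunk or in the `cmd_genkey` hunks above records that it happened. The doc/DETAILS text in this commit describes the option as mainly a regression-test aid, so the agent should at least leave a trace when it honours it, e.g. `if (no_protection) log_info ("generating key without passphrase protection\n");` placed before the key is created. Whether the storing code writes the key unencrypted when the passphrase is NULL is outside these hunks and should be confirmed. The function body continues past the end of the hunk.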
@@ -424,7 +429,8 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, gcry_create_nonce (tmpbuf, 12); cache_nonce = bin2hex (tmpbuf, 12, NULL); } - if (cache_nonce + if (cache_nonce + && !no_protection && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 900 /*seconds*/)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL);
diff --git a/doc/DETAILS b/doc/DETAILS
index 93dedbea0..dd3e357ec 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -826,6 +826,19 @@ The format of this file is as follows: entry code. This is a global option. %no-ask-passphrase Disable the ask-passphrase mode. + %no-protection + With GnuPG 2.1 it is not anymore possible to specify a + passphrase for unattended key generation. The passphrase + command is simply ignored and %ask-passpharse is thus + implicitly enabled. Using this option allows to the creation + of keys without any passphrases. This option is mainly + intended for regression tests. + %transient-key + If given the keys are created using a faster and a somewhat + less secure random number generator. This option may be used + for keys which are only used for a short time and do not + require full cryptographic strength. It takes only effect if + used together with the option no-protection. o The order of the parameters does not matter except for "Key-Type" which must be the first parameter. The parameters are only for the
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d504d2a99..02a2c28a9 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -485,7 +485,7 @@ pinentry to pop up at the @code{tty} or display you started the agent. @item --enable-ssh-support @opindex enable-ssh-support -Enable emulation of the OpenSSH Agent protocol. +Enable the OpenSSH Agent protocol. In this mode of operation, the agent does not only implement the gpg-agent protocol, but also the agent protocol used by OpenSSH
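Review bot: The added `&& !no_protection` in `agent_genkey` (agent/genkey.c, hunk at -424) guards only `agent_put_cache`; the context lines just above it still call `gcry_create_nonce` and `bin2hex` when no nonce was passed in, so with `--no-protection` a nonce is allocated and then neither cached nor reported. The condition enclosing the nonce creation is outside the hunk (presumably `if (!cache_nonce)`), but the `no_protection` test looks as if it belongs there too, e.g. `if (!cache_nonce && !no_protection)`. Who frees the `bin2hex` result is also not visible here and is worth checking while this code is being touched.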
@@ -512,10 +512,20 @@ has been started. To switch this display to the current one, the following command may be used: @smallexample -echo UPDATESTARTUPTTY | gpg-connect-agent +gpg-connect-agent updatestartuptty /bye @end smallexample +Although all GnuPG components try to start the gpg-agent as needed, this +is not possible for the ssh support because ssh does not know about it. +Thus if no GnuPG tool which accesses the agent has been run, there is no +guarantee that ssh is abale to use gpg-agent for authentication. To fix +this you may start gpg-agent if needed using this simple command: +@smallexample +gpg-connect-agent /bye +@end smallexample + +Adding the @option{--verbose} shows the progress of starting the agent. @end table
diff --git a/doc/tools.texi b/doc/tools.texi
index efb37e699..ce7d2b3be 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -296,6 +296,12 @@ List the global configuration file in a colon separated format. If Run a syntax check on the global configuration file. If @var{filename} is given, check that file instead. +@item --reload [@var{component}] +@opindex reload +Reload all or the given component. This is basically the sam as sending +a SIGHUP to the component. Components which don't support reloading are +ignored. + @end table
@@ -1170,6 +1176,11 @@ Try to be as quiet as possible. @include opt-homedir.texi +@item --agent-program @var{file} +@opindex agent-program +Specify the agent program to be started if none is running. + + @item -S @itemx --raw-socket @var{name} @opindex S
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 43ba53604..d155ee38c 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@ +2010-10-14 Werner Koch + + * call-agent.c (agent_genkey): Add arg NO_PROTECTION. + * keygen.c (do_create, gen_elg, gen_dsa, gen_rsa, common_gen): Add + arg KEYGEN_FLAGS. + (read_parameter_file): Add options no-protection and transient-key. + (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): New. + (gen_rsa, gen_dsa, gen_elg): Use transient-key. + 2010-10-13 Werner Koch * call-agent.c (start_agent): Send option agent-awareness.
diff --git a/g10/call-agent.c b/g10/call-agent.c
index afbd9d6db..89a6be7ce 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1517,10 +1517,11 @@ inq_genkey_parms (void *opaque, const char *line) /* Call the agent to generate a new key. KEYPARMS is the usual S-expression giving the parameters of the key. gpg-agent passes it - gcry_pk_genkey. */ + gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not + to protect the generated key. */ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, - const char *keyparms, gcry_sexp_t *r_pubkey) + const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey) { gpg_error_t err; struct genkey_parm_s gk_parm;
@@ -1543,7 +1544,8 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, gk_parm.ctrl = ctrl; gk_parm.ctx = agent_ctx; gk_parm.keyparms = keyparms; - snprintf (line, sizeof line, "GENKEY%s%s", + snprintf (line, sizeof line, "GENKEY%s%s%s", + no_protection? " --no-protection":"", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); err = assuan_transact (agent_ctx, line,
diff --git a/g10/call-agent.h b/g10/call-agent.h
index 5496e596e..6cba9c78c 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -155,7 +155,7 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, /* Generate a new key. */ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, - const char *keyparms, + const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey); /* Create a signature. */
diff --git a/g10/keygen.c b/g10/keygen.c
index 16a7f0b8d..03d53ce0b 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -49,6 +49,9 @@ #define DEFAULT_STD_ALGO GCRY_PK_RSA #define DEFAULT_STD_KEYSIZE 2048 +#define KEYGEN_FLAG_NO_PROTECTION 1 +#define KEYGEN_FLAG_TRANSIENT_KEY 2 + #define MAX_PREFS 30
@@ -99,6 +102,7 @@ struct output_control_s { int lnr; int dryrun; int ask_passphrase; + unsigned int keygen_flags; int use_files; struct { char *fname;
@@ -1137,14 +1141,15 @@ key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, static int common_gen (const char *keyparms, int algo, const char *algoelem, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - char **cache_nonce_addr) + int keygen_flags, char **cache_nonce_addr) { int err; PACKET *pkt; PKT_public_key *pk; gcry_sexp_t s_key; - err = agent_genkey (NULL, cache_nonce_addr, keyparms, &s_key); + err = agent_genkey (NULL, cache_nonce_addr, keyparms, + !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key); if (err) { log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
@@ -1196,7 +1201,8 @@ common_gen (const char *keyparms, int algo, const char *algoelem, */ static int gen_elg (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; char *keyparms;
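Review bot: `keygen_flags` is declared `unsigned int` in `struct output_control_s` (hunk at -99) but travels as a plain `int` through `common_gen` (hunk at -1137) and, in the later hunks, through `gen_elg`, `gen_dsa`, `gen_rsa` and `do_create`. For a bit mask the unsigned type is the right one, so the parameters should read `unsigned int keygen_flags` and agree with the field. A one-line comment above the two `KEYGEN_FLAG_*` defines (hunk at -49) would also help, e.g. `/* Bit flags stored in output_control_s.keygen_flags. */`.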
@@ -1216,18 +1222,23 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, log_info (_("keysize rounded up to %u bits\n"), nbits ); } + /* Note that we use transient-key only if no-protection has also + been enabled. */ snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); - keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)))", + keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))", algo == GCRY_PK_ELG_E ? "openpgp-elg" : algo == GCRY_PK_ELG ? "elg" : "x-oops" , - strlen (nbitsstr), nbitsstr); + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, algo, "pgy", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); }
@@ -1240,7 +1251,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, */ static gpg_error_t gen_dsa (unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; unsigned int qbits;
@@ -1301,16 +1313,19 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits); - keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)))", + keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))", strlen (nbitsstr), nbitsstr, - strlen (qbitsstr), qbitsstr); + strlen (qbitsstr), qbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); }
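Review bot: The test that `(transient-key)` is only sent together with no-protection is written out in full in `gen_elg` (hunk at -1216) and repeated verbatim in `gen_dsa` (hunk at -1301) and `gen_rsa` (hunk at -1347), while the comment explaining it sits above the unrelated `snprintf` of `nbitsstr` in `gen_elg` only. This check is what keeps the less secure random number generator away from protected keys, so it should live in one helper that carries the comment, with the three `xtryasprintf` calls passing its result for the trailing `%s`. The check is made in gpg only; whether gpg-agent refuses a `(transient-key)` parameter for a key that will be protected is not visible in this commit and should be confirmed.

```c
/* Return the S-expression token requesting a transient key.  The
   token is used only if no-protection has also been enabled.  */
static const char *
transient_key_token (int keygen_flags)
{
  if ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
      && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))
    return "(transient-key)";
  return "";
}

/* ... unchanged: gen_elg up to the nbits rounding ... */
  keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))",
                           algo == GCRY_PK_ELG_E ? "openpgp-elg" :
                           algo == GCRY_PK_ELG ? "elg" : "x-oops" ,
                           strlen (nbitsstr), nbitsstr,
                           transient_key_token (keygen_flags));
```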
@@ -1323,7 +1338,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, */ static int gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; char *keyparms;
@@ -1347,15 +1363,18 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, } snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); - keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)))", - strlen (nbitsstr), nbitsstr); + keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))", + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, algo, "ne", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); }
@@ -2153,7 +2172,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled) static int do_create (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expiredate, int is_subkey, - char **cache_nonce_addr) + int keygen_flags, char **cache_nonce_addr) { gpg_error_t err;
@@ -2168,13 +2187,13 @@ do_create (int algo, unsigned int nbits, KBNODE pub_root, if (algo == PUBKEY_ALGO_ELGAMAL_E) err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else if (algo == PUBKEY_ALGO_DSA) err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else if (algo == PUBKEY_ALGO_RSA) err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else BUG();
@@ -2742,6 +2761,10 @@ read_parameter_file( const char *fname ) outctrl.ask_passphrase = 1; else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) ) outctrl.ask_passphrase = 0; + else if( !ascii_strcasecmp( keyword, "%no-protection" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION; + else if( !ascii_strcasecmp( keyword, "%transient-key" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY; else if( !ascii_strcasecmp( keyword, "%commit" ) ) { outctrl.lnr = lnr; if (proc_parameter_file( para, fname, &outctrl, 0 ))
@@ -3242,7 +3265,8 @@ do_generate_keypair (struct para_data_s *para, get_parameter_uint( para, pKEYLENGTH ), pub_root, timestamp, - get_parameter_u32( para, pKEYEXPIRE ), 0, &cache_nonce); + get_parameter_u32( para, pKEYEXPIRE ), 0, + outctrl->keygen_flags, &cache_nonce); else err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, ×tamp,
@@ -3293,7 +3317,7 @@ do_generate_keypair (struct para_data_s *para, pub_root, timestamp, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, - &cache_nonce); + outctrl->keygen_flags, &cache_nonce); /* Get the pointer to the generated public subkey packet. */ if (!err) {
@@ -3500,7 +3524,7 @@ generate_subkeypair (KBNODE keyblock) goto leave; } - err = do_create (algo, nbits, keyblock, cur_time, expire, 1, NULL); + err = do_create (algo, nbits, keyblock, cur_time, expire, 1, 0, NULL); if (err) goto leave;
diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog
index 69869209a..46da4fe33 100644
--- a/tests/openpgp/ChangeLog
+++ b/tests/openpgp/ChangeLog
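Review bot: In `read_parameter_file` (hunk at -2742) `%no-protection` and `%transient-key` OR bits into `outctrl.keygen_flags` and nothing in the hunk clears them again, so once seen they apply to every key created by later `%commit` blocks of the same parameter file; unlike `%ask-passphrase` / `%no-ask-passphrase` there is no keyword to switch them off. If `outctrl` is not reset elsewhere (the rest of the function is outside the hunk), a file that generates a throw-away key first and a long-lived key afterwards leaves the second key unprotected as well. Either clear the flags after each commit or state in doc/DETAILS that they stay in force for the rest of the file. A `log_info` when `%transient-key` is given without `%no-protection`, where it is silently ignored, would also be useful.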
@@ -1,3 +1,24 @@ +2010-10-14 Werner Koch + + * genkey1024.test: Use the new no-protection option. + + * decrypt-dsa.test: Do not specify an extra keyring. The keyring + has been loaded into pubring.gpg. + * sigs-dsa.test: Ditto. + * encrypt-dsa.test: Ditto. + * signencrypt-dsa.test: Ditto. + + * decrypt.test: Remove passphrase stuff. + * sigs.test: Ditto. + + * privkeys/: New. + + * Makefile.am: Move most stuff to ... + * version.test: Prepare data files etc. + * finish.test: New. + * defs.inc: Set all envvars. + (usrname1, usrname2, username3): Use full mail address. + 2010-06-07 Werner Koch * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index ba1a65529..9ea2237b9 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -1,4 +1,6 @@ -# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. +# Makefile.am - For tests/openpgp +# Copyright (C) 1998, 1999, 2000, 2001, 2003, +# 2010 Free Software Foundation, Inc. # # This file is part of GnuPG. #
@@ -16,15 +18,15 @@ # along with this program; if not, see . # Process this file with automake to create Makefile.in -GPG_IMPORT = ../../g10/gpg2 --homedir $(abs_builddir) \ - --quiet --yes --no-permission-warning --import # Programs required before we can run these tests. required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \ - ../../tools/gpg-connect-agent + ../../tools/gpg-connect-agent ../../tools/mk-tdata TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C +# Note: version.test needs to be the first test to run and finish.test +# the last one TESTS = version.test mds.test \ decrypt.test decrypt-dsa.test \ sigs.test sigs-dsa.test \
@@ -36,7 +38,7 @@ TESTS = version.test mds.test \ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test + import.test finish.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ 
@@ -46,73 +48,34 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ bug537-test.data.asc bug894-test.asc \ bug1223-good.asc bug1223-bogus.asc -DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large +data_files = data-500 data-9000 data-32000 data-80000 plain-large + +priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ + privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc \ + privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc \ + privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc \ + privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc \ + privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \ + privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \ + privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ + privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc + EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ - mkdemodirs signdemokey + mkdemodirs signdemokey $(priv_keys) -CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \ +CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ - pubring.gpg secring.gpg pubring.pkr secring.skr + pubring.gpg secring.gpg pubring.pkr secring.skr \ + gnupg-test.stop DISTCLEANFILES = pubring.gpg~ random_seed - -all-local: prepared.stamp - -distclean-local: - $(srcdir)/mkdemodirs --clean - -prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ - ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES) - $(GPG_IMPORT) $(srcdir)/pubdemo.asc - echo timestamp >./prepared.stamp - # We need to depend on a couple of programs so that the tests don't # start before all programs are built. 
-./gpg_dearmor: $(required_pgms) - echo '#!/bin/sh' >./gpg_dearmor - echo "../../g10/gpg2 --no-options --no-greeting \ - --no-secmem-warning --batch --dearmor" >>./gpg_dearmor - chmod 755 ./gpg_dearmor - -./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor - ./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc - -./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor - ./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc +all-local: $(required_pgms) -./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor - ./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc - -./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor - ./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc - -./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc - -./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc - -./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc - - -data-500: - ../../tools/mk-tdata 500 >data-500 -data-9000: - ../../tools/mk-tdata 9000 >data-9000 -data-32000: - ../../tools/mk-tdata 32000 >data-32000 -data-80000: - ../../tools/mk-tdata 80000 >data-80000 -plain-large: - cat $(srcdir)/../../doc/HACKING \ - $(srcdir)/../../doc/DETAILS \ - $(srcdir)/../../doc/gpg.texi >plain-large - -# To speed up key generation we create a dummy random seed file -random_seed: - ../../tools/mk-tdata 600 +distclean-local: + $(srcdir)/mkdemodirs --clean
diff --git a/tests/openpgp/decrypt-dsa.test b/tests/openpgp/decrypt-dsa.test
index 7220f8a22..ba83fea07 100755
--- a/tests/openpgp/decrypt-dsa.test
+++ b/tests/openpgp/decrypt-dsa.test
@@ -12,7 +12,7 @@ #info Checking decryption of supplied DSA encrypted file for i in "plain-1" ; do - $GPG $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc + $GPG -o y --yes $srcdir/$i-pgp.asc cmp $i y || error "$i: mismatch" done
diff --git a/tests/openpgp/decrypt.test b/tests/openpgp/decrypt.test
index 7b68b25ec..370dc964b 100755
--- a/tests/openpgp/decrypt.test
+++ b/tests/openpgp/decrypt.test
@@ -12,7 +12,7 @@ #info Checking decryption of supplied files for i in $plain_files ; do - echo "$usrpass1" | $GPG --passphrase-fd 0 -o y --yes $srcdir/$i.asc + $GPG -o y --yes $srcdir/$i.asc cmp $i y || error "$i: mismatch" done
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index 1158fb0cd..bc0d76e10 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -12,22 +12,21 @@ #------ constants --------------- #-------------------------------- -# Note that usrpass1 is also used in Makefile.am -usrname1="one" +usrname1="one@example.com" usrpass1="def" -usrname2="two" +usrname2="two@example.com" usrpass2="" -usrname3="three" +usrname3="three@example.com" usrpass3="" dsa_usrname1="pgp5" -# we use the sub key because we do not yet have the logic to -# to derive the first encryption key from a keyblock (I guess) +# we use the sub key because we do not yet have the logic to to derive +# the first encryption key from a keyblock (I guess) (Well of course +# we have this by now and the notation below will lookup the primary +# first and the search for the encryption subkey.) dsa_usrname2="0xCB879DE9" -dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr" - plain_files="plain-1 plain-2 plain-3" data_files="data-500 data-9000 data-32000 data-80000"
@@ -50,6 +49,7 @@ defs_error_seen=no fatal () { echo "$pgmname: fatal:" $* >&2 echo "$pgmname: fatal:" $* >&5 + echo stop >gnupg-test.stop exit 1; }
@@ -121,7 +121,7 @@ echo_n () { #} have_pubkey_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Pubkey:.*$1" >/dev/null + if $GPG --version | grep "Pubkey:.*$1" >/dev/null then true else
@@ -130,7 +130,7 @@ have_pubkey_algo () { } have_cipher_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Cipher:.*$1" >/dev/null + if $GPG --version | grep "Cipher:.*$1" >/dev/null then true else
@@ -139,7 +139,7 @@ have_cipher_algo () { } have_hash_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Hash:.*$1" >/dev/null + if $GPG --version | grep "Hash:.*$1" >/dev/null then true else
@@ -148,11 +148,13 @@ have_hash_algo () { } all_cipher_algos () { - ../../g10/gpg2 --homedir . --with-colons --list-config ciphername | sed 's/^cfg:ciphername://; s/;/ /g' + $GPG --with-colons --list-config ciphername \ + | sed 's/^cfg:ciphername://; s/;/ /g' } all_hash_algos () { - ../../g10/gpg2 --homedir . --with-colons --list-config digestname | sed 's/^cfg:digestname://; s/;/ /g' + $GPG --with-colons --list-config digestname \ + | sed 's/^cfg:digestname://; s/;/ /g' } set -e
@@ -161,6 +163,16 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" +# +if [ -f gnupg-test.stop ]; then + if [ $pgmname = "version.test" ]; then + rm gnupg-test.stop + else + # Skip the rest of the tests. + exit 77 + fi +fi + # Always work in the current directory. We set GNUPGHOME only if it # has not been set already. Usually it is set through the Makefile's # TESTS_ENVIRONMENT macro.
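Review bot: The stop-file check added to defs.inc (hunk at -161) exempts only version.test, so once any `fatal` has written gnupg-test.stop the new finish.test also leaves with `exit 77` as soon as it sources defs.inc and never reaches its `killagent` call. A gpg-agent started during the run then stays alive after a failed run, still serving the test home directory. finish.test should be let through as well, for instance by turning the `else` into `elif [ "$pgmname" != "finish.test" ]; then`. Quoting `$pgmname` in the existing `[ $pgmname = "version.test" ]` test is worth doing in the same change.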
@@ -172,21 +184,32 @@ elif [ "$GNUPGHOME" != `/bin/pwd` ]; then exit 1 fi +# We don't use GPG_AGENT_INFO anymore - better reset it. +unset GPG_AGENT_INFO + +# (--no-permission-warning makes only sense on the commandline) +GPG="../../g10/gpg2 --no-permission-warning " +# (We may not use a relative name for gpg-agent.) +GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent" +GPG_CONNECT_AGENT="../../tools/gpg-connect-agent" +GPGCONF="../../tools/gpgconf" +GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase" +MKTDATA="../../tools/mk-tdata" + # Make sure we have a valid option files even with VPATH builds. for f in gpg.conf gpg-agent.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then cat $srcdir/$f.tmpl >$f + if [ "$f" = "gpg.conf" ]; then + echo "agent-program $GPG_AGENT" >>gpg.conf + fi fi done -# (--no-permission-warning makes only sense on the commandline) -GPG="../../g10/gpg2 --no-permission-warning " - echo "Test: $pgmname" > ${pgmname}.log echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log -echo "GPG_AGENT_INFO=$GPG_AGENT_INFO" >> ${pgmname}.log exec 5>&2 2>>${pgmname}.log :
diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test
index 01fe33aa8..ed474d0ed 100755
--- a/tests/openpgp/encrypt-dsa.test
+++ b/tests/openpgp/encrypt-dsa.test
@@ -12,17 +12,17 @@ #info Checking encryption for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust -e -o x --yes -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done for ca in `all_cipher_algos` ; do echo_n "$ca " for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ + $GPG --always-trust --cipher-algo $ca -e \ -o x --yes -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done done
diff --git a/tests/openpgp/finish.test b/tests/openpgp/finish.test new file mode 100755 index 000000000..fced57036 --- /dev/null +++ b/tests/openpgp/finish.test @@ -0,0 +1,17 @@ +#!/bin/sh +# Copyright 2010 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +. $srcdir/defs.inc || exit 3 + +if $GPG_AGENT --quiet; then + $GPG_CONNECT_AGENT killagent /bye >/dev/null +fi + +exit 0 + diff --git a/tests/openpgp/genkey1024.test b/tests/openpgp/genkey1024.test index 1d716d86d..99a0d5d72 100755 --- a/tests/openpgp/genkey1024.test +++ b/tests/openpgp/genkey1024.test @@ -10,10 +10,7 @@ . $srcdir/defs.inc || exit 3 -# FIXME: Skip this test for now -exit 77 - -$GPG --quiet --batch --debug-quick-random --gen-key < + * gpg-connect-agent.c: Add option --agent-program. + * gpg-connect-agent.c (start_agent): Rewrite using the start_new_gpg_agent function. diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 652f288c5..8de67bbf0 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -56,6 +56,7 @@ enum cmd_and_opt_values oNoVerbose = 500, oHomedir, + oAgentProgram, oHex, oDecode, oNoExtConnect @@ -85,6 +86,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"), ARGPARSE_s_s (oHomedir, "homedir", "@" ), + ARGPARSE_s_s (oAgentProgram, "agent-program", "@"), ARGPARSE_end () }; 
@@ -96,6 +98,7 @@ struct int verbose; /* Verbosity level. */ int quiet; /* Be extra quiet. */ const char *homedir; /* Configuration directory name */ + const char *agent_program; /* Value of --agent-program. */ int hex; /* Print data lines in hex format. */ int decode; /* Decode received data lines. */ const char *raw_socket; /* Name of socket to connect in raw mode. */
@@ -1186,6 +1189,7 @@ main (int argc, char **argv) case oVerbose: opt.verbose++; break; case oNoVerbose: opt.verbose = 0; break; case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oHex: opt.hex = 1; break; case oDecode: opt.decode = 1; break; case oRawSocket: opt.raw_socket = pargs.r.ret_str; break;
@@ -2168,7 +2172,7 @@ start_agent (void) err = start_new_gpg_agent (&ctx, GPG_ERR_SOURCE_DEFAULT, opt.homedir, - NULL, + opt.agent_program, NULL, NULL, session_env, !opt.quiet, 0, -- cgit v1.2.3