From 789d240cb40ab36406a7c57ad49897e0bafbb41e Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 11 Apr 2018 20:35:40 +0200
Subject: gpg: New option --no-symkey-cache.

* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 NEWS             |  3 +++
 doc/gpg.texi     | 11 ++++++++++-
 g10/gpg.c        |  3 +++
 g10/options.h    |  4 +++-
 g10/passphrase.c |  3 +++
 5 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 8b9d2bcf8..403c2a05f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 Noteworthy changes in version 2.2.7 (unreleased)
 ------------------------------------------------
 
+  * gpg: New option --no-symkey-cache to disable the passphrase cache
+    for symmetrical en- and decryption.
+
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
 ------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 086b4fce5..908af7b03 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -214,7 +214,10 @@ symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the
 @option{--encrypt} (for a message that may be decrypted via a secret key
 or a passphrase), or @option{--sign} and @option{--encrypt} together
 (for a signed message that may be decrypted via a secret key or a
-passphrase).
+passphrase).  @command{@gpgname} caches the passphrase used for
+symmetric encryption so that a decrypt operation may not require that
+the user needs to enter the passphrase.  The option
+@option{--no-symkey-cache} can be used to disable this feature.
 
 @item --store
 @opindex store
@@ -3140,6 +3143,12 @@ are:
   Pinentry the user is not prompted again if he enters a bad password.
 @end table
 
+@item --no-symkey-cache
+@opindex no-symkey-cache
+Disable the passphrase cache used for symmetrical en- and decryption.
+This cache is based on the message specific salt value
+(cf. @option{--s2k-mode}).
+
 @item --request-origin @var{origin}
 @opindex request-origin
 Tell gpg to assume that the operation ultimately originated at
diff --git a/g10/gpg.c b/g10/gpg.c
index 2c93a8380..fbbdd92ba 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -423,6 +423,7 @@ enum cmd_and_opt_values
     oSender,
     oKeyOrigin,
     oRequestOrigin,
+    oNoSymkeyCache,
 
     oNoop
   };
@@ -888,6 +889,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
   ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
   ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
+  ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
 
   /* Dummy options with warnings.  */
   ARGPARSE_s_n (oUseAgent,      "use-agent", "@"),
@@ -3556,6 +3558,7 @@ main (int argc, char **argv)
             break;
 
           case oNoAutostart: opt.autostart = 0; break;
+          case oNoSymkeyCache: opt.no_symkey_cache = 1; break;
 
 	  case oDefaultNewKeyAlgo:
             opt.def_new_key_algo = pargs.r.ret_str;
diff --git a/g10/options.h b/g10/options.h
index e1bf97fb1..96b76f8f2 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -242,7 +242,7 @@ struct
     unsigned int allow_weak_digest_algos:1;
     unsigned int large_rsa:1;
     unsigned int disable_signer_uid:1;
-    /* Flag to enbale experimental features from RFC4880bis.  */
+    /* Flag to enable experimental features from RFC4880bis.  */
     unsigned int rfc4880bis:1;
   } flags;
 
@@ -275,6 +275,8 @@ struct
 
   int unwrap_encryption;
   int only_sign_text_ids;
+
+  int no_symkey_cache;   /* Disable the cache used for --symmetric.  */
 } opt;
 
 /* CTRL is used to keep some global variables we currently can't
diff --git a/g10/passphrase.c b/g10/passphrase.c
index a498f627b..ffdcdf2bd 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -317,6 +317,9 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
     canceled = &dummy_canceled;
   *canceled = 0;
 
+  if (opt.no_symkey_cache)
+    nocache = 1;  /* Force no symmtric key caching.  */
+
   if ( !s2k )
     {
       log_assert (create && !nocache);
-- 
cgit v1.2.3


From bb2680a45ab27427d33861802617211052242a33 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 12 Apr 2018 10:52:51 +0900
Subject: po: Update Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 po/ja.po | 101 ++++++++++++++++++++++++++++++---------------------------------
 1 file changed, 48 insertions(+), 53 deletions(-)

diff --git a/po/ja.po b/po/ja.po
index 4920e4ed2..d80506696 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -4,13 +4,13 @@
 # IIDA Yosiaki <iida@gnu.org>, 1999, 2000, 2002, 2003, 2004.
 # Yoshihiro Kajiki <kajiki@ylug.org>, 1999.
 # Takashi P.KATOH, 2002.
-# NIIBE Yutaka <gniibe@fsij.org>, 2013, 2014, 2015, 2016, 2017.
+# NIIBE Yutaka <gniibe@fsij.org>, 2013, 2014, 2015, 2016, 2017, 2018.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.2.6\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2018-03-30 19:31+0900\n"
+"PO-Revision-Date: 2018-04-12 10:51+0900\n"
 "Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
 "Language-Team: none\n"
 "Language: ja\n"
@@ -278,7 +278,7 @@ msgstr ""
 "避けましょう。"
 
 msgid "Warning: You have entered an insecure passphrase."
-msgstr "*警告*: 安全とは言えないパスフレーズが入力されました。"
+msgstr "警告: 安全とは言えないパスフレーズが入力されました。"
 
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
@@ -397,7 +397,7 @@ msgstr "選択されたダイジェスト・アルゴリズムは、無効です
 
 #, c-format
 msgid "Note: no default option file '%s'\n"
-msgstr "*注意*: デフォルトのオプション・ファイル '%s' がありません\n"
+msgstr "注意: デフォルトのオプション・ファイル '%s' がありません\n"
 
 #, c-format
 msgid "option file '%s': %s\n"
@@ -409,7 +409,7 @@ msgstr "'%s' からオプションを読み込みます\n"
 
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
-msgstr "*注意*: '%s'はオプションとは考えられません\n"
+msgstr "注意: '%s'はオプションとは考えられません\n"
 
 #, c-format
 msgid "can't create socket: %s\n"
@@ -626,7 +626,7 @@ msgstr "誤り"
 
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
-msgstr "*注意*: パスフレーズは変更されていません。%0A今、変更してください。"
+msgstr "注意: パスフレーズは変更されていません。%0A今、変更してください。"
 
 #, c-format
 msgid ""
@@ -1195,12 +1195,12 @@ msgstr "*警告*: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
-"*注意*: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれませ"
+"注意: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれませ"
 "ん。\n"
 
 #, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "*注意*: \"%s\"コマンドを使って再起動してください。\n"
+msgstr "注意: \"%s\"コマンドを使って再起動してください。\n"
 
 #, c-format
 msgid "%s is not compliant with %s mode\n"
@@ -1320,9 +1320,9 @@ msgid ""
 "      If the key generation does not succeed, please check the\n"
 "      documentation of your card to see what sizes are allowed.\n"
 msgstr ""
-"*注意*: カードが要求された鍵長をサポートしているという保証はありません。\n"
-"        鍵生成が成功しない場合、あなたのカードに関する技術文書を確認し、\n"
-"        利用できる鍵長について確認ください。\n"
+"注意: カードが要求された鍵長をサポートしているという保証はありません。\n"
+"      鍵生成が成功しない場合、あなたのカードに関する技術文書を確認し、\n"
+"      利用できる鍵長について確認ください。\n"
 
 #, c-format
 msgid "What keysize do you want? (%u) "
@@ -1364,12 +1364,12 @@ msgstr "無効な選択です。\n"
 
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
-msgstr "今、%uビットの鍵を生成するようにカードは再コンフィグされました\n"
+msgstr "カードは、今、%uビットの鍵を生成するように再コンフィグされます\n"
 
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
-"カードは、今、こちらのタイプの鍵を生成するように再コンフィグされました: %s\n"
+"カードは、今、こちらのタイプの鍵を生成するように再コンフィグされます: %s\n"
 
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
@@ -1377,7 +1377,7 @@ msgstr "鍵%dの属性を変更する際にエラー: %s\n"
 
 #, c-format
 msgid "error getting card info: %s\n"
-msgstr "鍵情報の取得エラー: %s\n"
+msgstr "カード情報の取得エラー: %s\n"
 
 msgid "This command is not supported by this card\n"
 msgstr "このカードでは、このコマンドはサポートされていません。\n"
@@ -1386,7 +1386,7 @@ msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "暗号化鍵のカード外バックアップを作成しますか? (Y/n) "
 
 msgid "Note: keys are already stored on the card!\n"
-msgstr "*注意*: 秘密鍵はもうカードに保管してあります!\n"
+msgstr "注意: 秘密鍵はもうカードに保管してあります!\n"
 
 msgid "Replace existing keys? (y/N) "
 msgstr "既存の鍵を置き換えますか? (y/N) "
@@ -1421,7 +1421,7 @@ msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARDが失敗しました: %s\n"
 
 msgid "Note: This command destroys all keys stored on the card!\n"
-msgstr "*注意*: このコマンドはカードに保管してあるすべての鍵を破壊します!\n"
+msgstr "注意: このコマンドはカードに保管してあるすべての鍵を破壊します!\n"
 
 msgid "Continue? (y/N) "
 msgstr "続けますか? (y/N) "
@@ -1555,7 +1555,7 @@ msgstr "所有者信用情報をクリアしました\n"
 
 #, c-format
 msgid "there is a secret key for public key \"%s\"!\n"
-msgstr "この公開鍵にたいする秘密鍵\"%s\"があります!\n"
+msgstr "この公開鍵に対する秘密鍵\"%s\"があります!\n"
 
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "まず\"--delete-secret-keys\"オプションでこれを削除してください。\n"
@@ -2091,11 +2091,11 @@ msgstr "(選択肢の一覧には\"help\"を使ってください)\n"
 
 #, c-format
 msgid "Note: old default options file '%s' ignored\n"
-msgstr "*注意*: 以前デフォルトだったオプション・ファイル'%s'は、無視されます\n"
+msgstr "注意: 以前デフォルトだったオプション・ファイル'%s'は、無視されます\n"
 
 #, c-format
 msgid "Note: %s is not for normal use!\n"
-msgstr "*注意*: 普通%sは使いません!\n"
+msgstr "注意: 普通%sは使いません!\n"
 
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
@@ -2250,7 +2250,7 @@ msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "無効なmin-cert-level。0か1か2か3でなければなりません\n"
 
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
-msgstr "*注意*: 単純なS2Kモード(0)の使用には強く反対します\n"
+msgstr "注意: 単純なS2Kモード(0)の使用には強く反対します\n"
 
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "無効なS2Kモード。0か1か3でなければなりません\n"
@@ -2350,7 +2350,7 @@ msgstr "'%s'は有効な鍵ID, フィンガープリント、keygripではない
 
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
-"警告: コマンドが指定されていません。なにを意味しているのか当ててみます ...\n"
+"*警告*: コマンドが指定されていません。なにを意味しているのか当ててみます ...\n"
 
 msgid "Go ahead and type your message ...\n"
 msgstr "開始します。メッセージを打ってください ...\n"
@@ -2868,7 +2868,7 @@ msgid ""
 "The self-signature on \"%s\"\n"
 "is a PGP 2.x-style signature.\n"
 msgstr ""
-"\"%s\"にたいする自己署名は、\n"
+"\"%s\"に対する自己署名は、\n"
 "PGP 2.x形式の署名です。\n"
 
 msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
@@ -2890,7 +2890,7 @@ msgid ""
 "Your current signature on \"%s\"\n"
 "is a local signature.\n"
 msgstr ""
-"\"%s\"にたいするあなたの今の署名\n"
+"\"%s\"に対するあなたの今の署名\n"
 "はローカルな署名です。\n"
 
 msgid "Do you want to promote it to a full exportable signature? (y/N) "
@@ -3467,15 +3467,11 @@ msgstr "主鍵の有効期限を変更します。\n"
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "v3鍵の有効期限は変更できません\n"
 
-#, fuzzy
-#| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
-msgstr "副鍵の有効期限を変更します。\n"
+msgstr "副鍵の使用法を変更します。\n"
 
-#, fuzzy
-#| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
-msgstr "主鍵の有効期限を変更します。\n"
+msgstr "主鍵の使用法を変更します。\n"
 
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
@@ -3982,7 +3978,7 @@ msgstr "バックアップ・ファイル'%s'が作成できません: %s\n"
 
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
-msgstr "*注意*: カード鍵のバックアップが'%s'へ保存されます\n"
+msgstr "注意: カード鍵のバックアップが'%s'へ保存されます\n"
 
 #, c-format
 msgid "writing public key to '%s'\n"
@@ -4017,7 +4013,7 @@ msgid ""
 msgstr "鍵は%lu秒未来にできました (時間歪曲か時計の障害でしょう)\n"
 
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
-msgstr "*注意*: v3鍵に対する副鍵の作成は、OpenPGPに適合しません\n"
+msgstr "注意: v3鍵に対する副鍵の作成は、OpenPGPに適合しません\n"
 
 msgid "Secret parts of primary key are not available.\n"
 msgstr "主鍵の秘密部分が利用できません。\n"
@@ -4069,7 +4065,7 @@ msgstr[0] "エラーのため%d個の署名を検査しません\n"
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
-msgstr[0] "*警告*: %lu個の鍵がその大きさのためスキップされました\n"
+msgstr[0] "警告: %lu個の鍵がその大きさのためスキップされました\n"
 
 msgid "Keyring"
 msgstr "鍵リング"
@@ -4262,7 +4258,7 @@ msgid "decryption failed: %s\n"
 msgstr "復号に失敗しました: %s\n"
 
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
-msgstr "*注意*: 送信者は\"極秘とする\"ように求めています\n"
+msgstr "注意: 送信者は\"極秘とする\"ように求めています\n"
 
 #, c-format
 msgid "original file name='%.*s'\n"
@@ -4401,7 +4397,7 @@ msgstr "*警告*: ダイジェスト・アルゴリズム %s は廃止されて
 
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
-msgstr "*注意*: アルゴリズム %s を用いた署名は拒否されました\n"
+msgstr "注意: アルゴリズム %s を用いた署名は拒否されました\n"
 
 #, c-format
 msgid "(reported error: %s)\n"
@@ -4725,15 +4721,15 @@ msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "*警告*: この副鍵は所有者によって失効されています!\n"
 
 msgid "Note: This key has been disabled.\n"
-msgstr "*注意*: この鍵は使用禁止に設定されています。\n"
+msgstr "注意: この鍵は使用禁止に設定されています。\n"
 
 #, c-format
 msgid "Note: Verified signer's address is '%s'\n"
-msgstr "*注意*: 確認された署名者のアドレスは'%s'です\n"
+msgstr "注意: 確認された署名者のアドレスは'%s'です\n"
 
 #, c-format
 msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "*注意*: 署名者のアドレス'%s'がDNSのエントリと一致しません\n"
+msgstr "注意: 署名者のアドレス'%s'がDNSのエントリと一致しません\n"
 
 msgid "trustlevel adjusted to FULL due to valid PKA info\n"
 msgstr "PKA情報が有効のため、信用レベルがFULLに調整されました\n"
@@ -4742,7 +4738,7 @@ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
 msgstr "PKA情報が無効のため、信用レベルがNEVERに調整されました\n"
 
 msgid "Note: This key has expired!\n"
-msgstr "*注意*: この鍵は期限切れです!\n"
+msgstr "注意: この鍵は期限切れです!\n"
 
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "*警告*: この鍵は信用できる署名で証明されていません!\n"
@@ -4823,11 +4819,11 @@ msgstr "有効な宛先がありません\n"
 
 #, c-format
 msgid "Note: key %s has no %s feature\n"
-msgstr "*注意*: 鍵%sには %s の機能がありません\n"
+msgstr "注意: 鍵%sには %s の機能がありません\n"
 
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
-msgstr "*注意*: 鍵%sには%sに対する優先指定がありません\n"
+msgstr "注意: 鍵%sには%sに対する優先指定がありません\n"
 
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
@@ -4877,10 +4873,10 @@ msgstr "*警告*: 暗号アルゴリズム%sは受取人の優先指定に入っ
 
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
-msgstr "*注意*: 秘密鍵%sは%sで期限切れとなります\n"
+msgstr "注意: 秘密鍵%sは%sで期限切れとなります\n"
 
 msgid "Note: key has been revoked"
-msgstr "*注意*: 鍵は失効済みです"
+msgstr "注意: 鍵は失効済みです"
 
 #, c-format
 msgid "build_packet failed: %s\n"
@@ -5074,28 +5070,27 @@ msgstr[0] "鍵%sは%lu日、未来にできました (時間歪曲か時計の
 
 #, c-format
 msgid "Note: signature key %s expired %s\n"
-msgstr "*注意*: 署名鍵%sは%sに期限切れとなります\n"
+msgstr "注意: 署名鍵%sは%sに期限切れとなります\n"
 
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
-msgstr "*注意*: 鍵 %s は失効済みです\n"
+msgstr "注意: 鍵 %s は失効済みです\n"
 
-#, fuzzy, c-format
-#| msgid "standalone signature of class 0x%02x\n"
+#, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
-msgstr "クラス0x%02xのスタンドアロン署名\n"
+msgstr "鍵%sによる不正な鍵への署名: %s (0x%02x, 0x%x)\n"
 
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
-msgstr "不明のクリティカル・ビットにより、鍵%sの署名を不正とみなします\n"
+msgstr "不明のクリティカル・ビットのため、鍵%sによる署名を不正とみなします\n"
 
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
-msgstr "鍵%s: 副鍵失効署名にたいする副鍵がありません\n"
+msgstr "鍵%s: 副鍵失効署名に対する副鍵がありません\n"
 
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
-msgstr "鍵%s: 副鍵対応への署名にたいする副鍵がありません\n"
+msgstr "鍵%s: 副鍵対応への署名に対する副鍵がありません\n"
 
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
@@ -5225,7 +5220,7 @@ msgid "%s: trustdb created\n"
 msgstr "%s: 信用データベースができました\n"
 
 msgid "Note: trustdb not writable\n"
-msgstr "*注意*: 信用データベースが、書き込み不能です\n"
+msgstr "注意: 信用データベースが、書き込み不能です\n"
 
 #, c-format
 msgid "%s: invalid trustdb\n"
@@ -6089,7 +6084,7 @@ msgid "failed to open '%s': %s\n"
 msgstr "'%s'が開けません: %s\n"
 
 msgid "Note: non-critical certificate policy not allowed"
-msgstr "*注意*: クリティカルでない証明書ポリシーは認められません"
+msgstr "注意: クリティカルでない証明書ポリシーは認められません"
 
 msgid "certificate policy not allowed"
 msgstr "証明書ポリシーは認められません"
@@ -6605,7 +6600,7 @@ msgstr ""
 
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
-msgstr "*注意*:'%s'に対して暗号化できません: %s\n"
+msgstr "注意:'%s'に対して暗号化できません: %s\n"
 
 #, c-format
 msgid "unknown validation model '%s'\n"
-- 
cgit v1.2.3


From 327fece0aed2c9974659c72304f9fd1f461d460c Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Thu, 12 Apr 2018 08:56:00 +0200
Subject: build: Update getswdb version check to 2.2

* build-aux/getswdb.sh: Check for gnupg22_ver gnupg21_ver no
longer exists.
---
 build-aux/getswdb.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh
index 83ecdb2f3..cd419f2bd 100755
--- a/build-aux/getswdb.sh
+++ b/build-aux/getswdb.sh
@@ -175,9 +175,9 @@ fi
 # to help detect rollback attacks.
 #
 if [ $skip_selfcheck = no ]; then
-  gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
+  gnupg_ver=$(awk '$1=="gnupg22_ver" {print $2;exit}' swdb.lst)
   if [ -z "$gnupg_ver" ]; then
-      echo "GnuPG 2.1 version missing in swdb.lst!" >&2
+      echo "GnuPG 2.2 version missing in swdb.lst!" >&2
       exit 1
   fi
   gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
-- 
cgit v1.2.3


From bbb5bfacc0d1f179cfec94fd32fee01a09df0f1d Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 12 Apr 2018 11:24:54 +0200
Subject: agent,dirmngr: Add "getenv" to the getinfo command.

* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 agent/command.c  | 18 ++++++++++++++++++
 dirmngr/server.c | 20 +++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/agent/command.c b/agent/command.c
index f2d0389c7..20abb2882 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2825,6 +2825,7 @@ static const char hlp_getinfo[] =
   "  std_env_names   - List the names of the standard environment.\n"
   "  std_session_env - List the standard session environment.\n"
   "  std_startup_env - List the standard startup environment.\n"
+  "  getenv NAME     - Return value of envvar NAME.\n"
   "  connections     - Return number of active connections.\n"
   "  jent_active     - Returns OK if Libgcrypt's JENT is active.\n"
   "  restricted      - Returns OK if the connection is in restricted mode.\n"
@@ -2961,6 +2962,23 @@ cmd_getinfo (assuan_context_t ctx, char *line)
             }
         }
     }
+  else if (!strncmp (line, "getenv", 6)
+           && (line[6] == ' ' || line[6] == '\t' || !line[6]))
+    {
+      line += 6;
+      while (*line == ' ' || *line == '\t')
+        line++;
+      if (!*line)
+        rc = gpg_error (GPG_ERR_MISSING_VALUE);
+      else
+        {
+          const char *s = getenv (line);
+          if (!s)
+            rc = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
+          else
+            rc = assuan_send_data (ctx, s, strlen (s));
+        }
+    }
   else if (!strcmp (line, "connections"))
     {
       char numbuf[20];
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 60d980211..4315c4133 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2489,7 +2489,8 @@ static const char hlp_getinfo[] =
   "dnsinfo     - Return info about the DNS resolver\n"
   "socket_name - Return the name of the socket.\n"
   "session_id  - Return the current session_id.\n"
-  "workqueue   - Inspect the work queue\n";
+  "workqueue   - Inspect the work queue\n"
+  "getenv NAME - Return value of envvar NAME\n";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
 {
@@ -2557,6 +2558,23 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       workqueue_dump_queue (ctrl);
       err = 0;
     }
+  else if (!strncmp (line, "getenv", 6)
+           && (line[6] == ' ' || line[6] == '\t' || !line[6]))
+    {
+      line += 6;
+      while (*line == ' ' || *line == '\t')
+        line++;
+      if (!*line)
+        err = gpg_error (GPG_ERR_MISSING_VALUE);
+      else
+        {
+          const char *s = getenv (line);
+          if (!s)
+            err = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
+          else
+            err = assuan_send_data (ctx, s, strlen (s));
+        }
+    }
   else
     err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
 
-- 
cgit v1.2.3


From e2bd152a928d79ddfb95fd2f7911c80a1a8d5a21 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 12 Apr 2018 11:49:36 +0200
Subject: gpg: Relax printing of STATUS_FAILURE.

* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--

This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation.  The operation will simply
fail and not just record that that a signature could not be verified.
In particular for files with more than one signature a log_error if
often called to show that a pubkey is missing for one of the
signatures.  Using that log_error is correct in that case.

Fixes-commit: 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/gpg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/gpg.c b/g10/gpg.c
index fbbdd92ba..aaeddeee2 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -5111,7 +5111,7 @@ g10_exit( int rc )
   /* If we had an error but not printed an error message, do it now.
    * Note that write_status_failure will never print a second failure
    * status line. */
-  if (log_get_errorcount (0))
+  if (rc)
     write_status_failure ("gpg-exit", gpg_error (GPG_ERR_GENERAL));
 
   gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
-- 
cgit v1.2.3


From 23a714598c247d78cfda46a6dc338b17e17cc194 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 12 Apr 2018 16:41:05 +0200
Subject: gpg: Extend the ERRSIG status line with a fingerprint.

* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
Use write_status_printf.  Extend ERRSIG status.
--

Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature.  This is also useful in error messages and thus we add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 NEWS           |  3 +++
 doc/DETAILS    | 13 +++++++++----
 g10/mainproc.c | 57 ++++++++++++++++++++++++++++++++++++++-------------------
 3 files changed, 50 insertions(+), 23 deletions(-)

diff --git a/NEWS b/NEWS
index 403c2a05f..cd547a1eb 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Noteworthy changes in version 2.2.7 (unreleased)
   * gpg: New option --no-symkey-cache to disable the passphrase cache
     for symmetrical en- and decryption.
 
+  * gpg: The ERRSIG status now prints the fingerprint if that is part
+    of the signature.
+
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
 ------------------------------------------------
diff --git a/doc/DETAILS b/doc/DETAILS
index e54e8a0f7..2d78fecf7 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -435,14 +435,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     available.  This is the case with CMS and might eventually also be
     available for OpenPGP.
 
-*** ERRSIG  <keyid>  <pkalgo> <hashalgo> <sig_class> <time> <rc>
+*** ERRSIG  <keyid>  <pkalgo> <hashalgo> <sig_class> <time> <rc> <fpr>
     It was not possible to check the signature.  This may be caused by
     a missing public key or an unsupported algorithm.  A RC of 4
     indicates unknown algorithm, a 9 indicates a missing public
     key. The other fields give more information about this signature.
     sig_class is a 2 byte hex-value.  The fingerprint may be used
-    instead of the keyid if it is available.  This is the case with
-    gpgsm and might eventually also be available for OpenPGP.
+    instead of the long_keyid_or_fpr if it is available.  This is the
+    case with gpgsm and might eventually also be available for
+    OpenPGP.  The ERRSIG line has FPR filed which is only available
+    since 2.2.7; that FPR may either be missing or - if the signature
+    has no fingerprint as meta data.
 
     Note, that TIME may either be the number of seconds since Epoch or
     an ISO 8601 string.  The latter can be detected by the presence of
@@ -717,7 +720,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     The used key has been revoked by its owner.  No arguments yet.
 
 *** NO_PUBKEY  <long keyid>
-    The public key is not available
+    The public key is not available.  Note the arg should in general
+    not be used because it is better to take it from the ERRSIG
+    status line which is printed right before this one.
 
 *** NO_SECKEY  <long keyid>
     The secret key is not available
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 512d33c59..85828274f 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1608,6 +1608,26 @@ akl_has_wkd_method (void)
 }
 
 
+/* Return the ISSUER fingerprint buffer and its lenbgth at R_LEN.
+ * Returns NULL if not available.  The returned buffer is valid as
+ * long as SIG is not modified.  */
+static const byte *
+issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
+{
+  const byte *p;
+  size_t n;
+
+  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
+  if (p && n == 21 && p[0] == 4)
+    {
+      *r_len = n - 1;
+      return p+1;
+    }
+  *r_len = 0;
+  return NULL;
+}
+
+
 /* Return the ISSUER fingerprint string in human readbale format if
  * available.  Caller must release the string.  */
 static char *
@@ -1616,10 +1636,8 @@ issuer_fpr_string (PKT_signature *sig)
   const byte *p;
   size_t n;
 
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
-  if (p && n == 21 && p[0] == 4)
-    return bin2hex (p+1, n-1, NULL);
-  return NULL;
+  p = issuer_fpr_raw (sig, &n);
+  return p? bin2hex (p, n, NULL) : NULL;
 }
 
 
@@ -1659,7 +1677,7 @@ check_sig_and_print (CTX c, kbnode_t node)
   int rc;
   int is_expkey = 0;
   int is_revkey = 0;
-  char *issuer_fpr;
+  char *issuer_fpr = NULL;
   PKT_public_key *pk = NULL;  /* The public key for the signature or NULL. */
   int tried_ks_by_fpr;
 
@@ -1786,13 +1804,14 @@ check_sig_and_print (CTX c, kbnode_t node)
     write_status_text (STATUS_NEWSIG, NULL);
 
   astr = openpgp_pk_algo_name ( sig->pubkey_algo );
-  if ((issuer_fpr = issuer_fpr_string (sig)))
+  issuer_fpr = issuer_fpr_string (sig);
+
+  if (issuer_fpr)
     {
       log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
       log_info (_("               using %s key %s\n"),
                 astr? astr: "?", issuer_fpr);
 
-      xfree (issuer_fpr);
     }
   else if (!keystrlen () || keystrlen () > 8)
     {
@@ -1899,14 +1918,14 @@ check_sig_and_print (CTX c, kbnode_t node)
       const byte *p;
       size_t n;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
-      if (p && n == 21 && p[0] == 4)
+      p = issuer_fpr_raw (sig, &n);
+      if (p)
         {
           /* v4 packet with a SHA-1 fingerprint.  */
           free_public_key (pk);
           pk = NULL;
           glo_ctrl.in_auto_key_retrieve++;
-          res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
+          res = keyserver_import_fprint (c->ctrl, p, n, opt.keyserver, 1);
           tried_ks_by_fpr = 1;
           glo_ctrl.in_auto_key_retrieve--;
           if (!res)
@@ -2273,22 +2292,22 @@ check_sig_and_print (CTX c, kbnode_t node)
     }
   else
     {
-      char buf[50];
-
-      snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
-                (ulong)sig->keyid[0], (ulong)sig->keyid[1],
-                sig->pubkey_algo, sig->digest_algo,
-                sig->sig_class, (ulong)sig->timestamp, gpg_err_code (rc));
-      write_status_text (STATUS_ERRSIG, buf);
+      write_status_printf (STATUS_ERRSIG, "%08lX%08lX %d %d %02x %lu %d %s",
+                           (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+                           sig->pubkey_algo, sig->digest_algo,
+                           sig->sig_class, (ulong)sig->timestamp,
+                           gpg_err_code (rc),
+                           issuer_fpr? issuer_fpr:"-");
       if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
         {
-          buf[16] = 0;
-          write_status_text (STATUS_NO_PUBKEY, buf);
+          write_status_printf (STATUS_NO_PUBKEY, "%08lX%08lX",
+                               (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
 	}
       if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
         log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
     }
 
+  xfree (issuer_fpr);
   return rc;
 }
 
-- 
cgit v1.2.3


From 69c3e7acb744e1e5606a4d946e3b948704cfbbae Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 12 Apr 2018 17:53:17 +0200
Subject: gpg: Extend the "sig" record in --list-mode.

* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 doc/DETAILS      | 17 ++++++++++++++++-
 g10/getkey.c     | 21 ++++++++++++++-------
 g10/keydb.h      |  8 ++++----
 g10/keyedit.c    |  2 +-
 g10/keylist.c    | 15 ++++++++++++---
 g10/mainproc.c   |  5 +++--
 g10/packet.h     |  2 ++
 g10/passphrase.c |  2 +-
 g10/pkclist.c    |  2 +-
 g10/revoke.c     |  2 +-
 10 files changed, 55 insertions(+), 21 deletions(-)

diff --git a/doc/DETAILS b/doc/DETAILS
index 2d78fecf7..16e77c79a 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -105,6 +105,19 @@ described here.
     certificate (i.e. for the trust anchor) and an 'f' for all other
     valid certificates.
 
+    In "sig" records, this field may have one of these values as first
+    character:
+
+    - ! :: Signature is good.
+    - - :: Signature is bad.
+    - ? :: No public key to verify signature or public key is not usable.
+    - % :: Other error verifying a signature
+
+    More values may be added later.  The field may also be empty if
+    gpg has been invoked in a non-checking mode (--list-sigs) or in a
+    fast checking mode.  Since 2.2.7 '?' will also be printed by the
+    command --list-sigs if the key is not in the local keyring.
+
 *** Field 3 - Key length
 
     The length of key in bits.
@@ -195,9 +208,11 @@ described here.
     gpg's --edit-key menu does.
 
     For "sig" records, this is the fingerprint of the key that issued
-    the signature.  Note that this is only filled in if the signature
+    the signature.  Note that this may only be filled if the signature
     verified correctly.  Note also that for various technical reasons,
     this fingerprint is only available if --no-sig-cache is used.
+    Since 2.2.7 this field will also be set if the key is missing but
+    the signature carries an issuer fingerprint as meta data.
 
 *** Field 14 - Flag field
 
diff --git a/g10/getkey.c b/g10/getkey.c
index 0405d1d21..c77b40918 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -4119,15 +4119,20 @@ get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
  *********************************************/
 
 /* Return a string with a printable representation of the user_id.
- * this string must be freed by xfree.   */
+ * this string must be freed by xfree.  If R_NOUID is not NULL it is
+ * set to true if a user id was not found; otherwise to false.  */
 static char *
-get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
+get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len,
+                    int *r_nouid)
 {
   user_id_db_t r;
   keyid_list_t a;
   int pass = 0;
   char *p;
 
+  if (r_nouid)
+    *r_nouid = 0;
+
   /* Try it two times; second pass reads from the database.  */
   do
     {
@@ -4174,6 +4179,8 @@ get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
   else
     p = xasprintf ("%s [?]", keystr (keyid));
 
+  if (r_nouid)
+    *r_nouid = 1;
   if (r_len)
     *r_len = strlen (p);
   return p;
@@ -4183,7 +4190,7 @@ get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
 char *
 get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
 {
-  char *p = get_user_id_string (ctrl, keyid, 0, NULL);
+  char *p = get_user_id_string (ctrl, keyid, 0, NULL, NULL);
   char *p2 = utf8_to_native (p, strlen (p), 0);
   xfree (p);
   return p2;
@@ -4193,15 +4200,15 @@ get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
 char *
 get_long_user_id_string (ctrl_t ctrl, u32 * keyid)
 {
-  return get_user_id_string (ctrl, keyid, 1, NULL);
+  return get_user_id_string (ctrl, keyid, 1, NULL, NULL);
 }
 
 
 /* Please try to use get_user_byfpr instead of this one.  */
 char *
-get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn)
+get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid)
 {
-  return get_user_id_string (ctrl, keyid, 2, rn);
+  return get_user_id_string (ctrl, keyid, 2, rn, r_nouid);
 }
 
 
@@ -4210,7 +4217,7 @@ char *
 get_user_id_native (ctrl_t ctrl, u32 *keyid)
 {
   size_t rn;
-  char *p = get_user_id (ctrl, keyid, &rn);
+  char *p = get_user_id (ctrl, keyid, &rn, NULL);
   char *p2 = utf8_to_native (p, rn, 0);
   xfree (p);
   return p2;
diff --git a/g10/keydb.h b/g10/keydb.h
index cc99241f5..c5671d665 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -404,10 +404,10 @@ void setup_main_keyids (kbnode_t keyblock);
    data structures.  */
 void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock);
 
-char*get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
-char*get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
-char*get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn);
-char*get_user_id_native (ctrl_t ctrl, u32 *keyid);
+char *get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
+char *get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
+char *get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid);
+char *get_user_id_native (ctrl_t ctrl, u32 *keyid);
 char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
 char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
 
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 7cd883d78..c3eca93a0 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -264,7 +264,7 @@ keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
       else
 	{
 	  size_t n;
-	  char *p = get_user_id (ctrl, sig->keyid, &n);
+	  char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
 	  tty_print_utf8_string2 (fp, p, n,
 				  opt.screen_columns - keystrlen () - 26 -
 				  ((opt.
diff --git a/g10/keylist.c b/g10/keylist.c
index 86d1c564f..199cd1330 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1145,7 +1145,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
 	  else if (!opt.fast_list_mode)
 	    {
 	      size_t n;
-	      char *p = get_user_id (ctrl, sig->keyid, &n);
+	      char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
 	      print_utf8_buffer (es_stdout, p, n);
 	      xfree (p);
 	    }
@@ -1513,6 +1513,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 	  byte fparray[MAX_FINGERPRINT_LEN];
           char *siguid;
           size_t siguidlen;
+          char *issuer_fpr = NULL;
 
 	  if (sig->sig_class == 0x20 || sig->sig_class == 0x28
 	      || sig->sig_class == 0x30)
@@ -1570,11 +1571,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 	  else
 	    {
 	      rc = 0;
-	      sigrc = ' ';
+	      sigrc = ' '; /* Note the fix-up below in --list-sigs mode.  */
 	    }
 
 	  if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
-            siguid = get_user_id (ctrl, sig->keyid, &siguidlen);
+            {
+              int nouid;
+              siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
+              if (!opt.check_sigs && nouid)
+                sigrc = '?';  /* No key in local keyring.  */
+            }
           else
             {
               siguid = NULL;
@@ -1613,6 +1619,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 	      for (i = 0; i < fplen; i++)
 		es_fprintf (es_stdout, "%02X", fparray[i]);
 	    }
+          else if ((issuer_fpr = issuer_fpr_string (sig)))
+            es_fputs (issuer_fpr, es_stdout);
 
 	  es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
 
@@ -1621,6 +1629,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 
 	  /* fixme: check or list other sigs here */
           xfree (siguid);
+          xfree (issuer_fpr);
 	}
     }
 
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 85828274f..49e728656 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1209,7 +1209,7 @@ list_node (CTX c, kbnode_t node)
 	}
       else if (!opt.fast_list_mode)
         {
-          p = get_user_id (c->ctrl, sig->keyid, &n);
+          p = get_user_id (c->ctrl, sig->keyid, &n, NULL);
           es_write_sanitized (es_stdout, p, n,
                               opt.with_colons?":":NULL, NULL );
           xfree (p);
@@ -1630,7 +1630,8 @@ issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
 
 /* Return the ISSUER fingerprint string in human readbale format if
  * available.  Caller must release the string.  */
-static char *
+/* FIXME: Move to another file.  */
+char *
 issuer_fpr_string (PKT_signature *sig)
 {
   const byte *p;
diff --git a/g10/packet.h b/g10/packet.h
index 8dca88b75..43c097e72 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -604,6 +604,8 @@ int proc_signature_packets_by_fd (ctrl_t ctrl,
 int proc_encryption_packets (ctrl_t ctrl, void *ctx, iobuf_t a);
 int list_packets( iobuf_t a );
 
+char *issuer_fpr_string (PKT_signature *sig);
+
 /*-- parse-packet.c --*/
 
 /* Sets the packet list mode to MODE (i.e., whether we are dumping a
diff --git a/g10/passphrase.c b/g10/passphrase.c
index ffdcdf2bd..10574ec6a 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -488,7 +488,7 @@ gpg_format_keydesc (ctrl_t ctrl, PKT_public_key *pk, int mode, int escaped)
                && pk->keyid[1] != pk->main_keyid[1]);
   algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
   timestr = strtimestamp (pk->timestamp);
-  uid = get_user_id (ctrl, is_subkey? pk->main_keyid:pk->keyid, &uidlen);
+  uid = get_user_id (ctrl, is_subkey? pk->main_keyid:pk->keyid, &uidlen, NULL);
 
   orig_codeset = i18n_switchto_utf8 ();
 
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 581cae407..dc19204de 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1149,7 +1149,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
                   else
                     {
                       size_t n;
-                      char *p = get_user_id (ctrl, keyid, &n );
+                      char *p = get_user_id (ctrl, keyid, &n, NULL);
                       tty_print_utf8_string ( p, n );
                       xfree(p);
                     }
diff --git a/g10/revoke.c b/g10/revoke.c
index 846523295..3a089725c 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -571,7 +571,7 @@ gen_standard_revoke (ctrl_t ctrl, PKT_public_key *psk, const char *cache_nonce)
 
   kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
 
-  tmpstr = get_user_id (ctrl, keyid, &len);
+  tmpstr = get_user_id (ctrl, keyid, &len, NULL);
   es_fprintf (memfp, "uid%*s%.*s\n\n",
               kl + 10, "",
               (int)len, tmpstr);
-- 
cgit v1.2.3


From 40fcddd3a98b778f9f31654adf4c06037e8b8e5d Mon Sep 17 00:00:00 2001
From: emma peel <emma.peel@aktivix.org>
Date: Thu, 12 Apr 2018 14:26:42 -0400
Subject: po: Update Spanish translation

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 po/es.po | 3719 ++++++++++++++++++++++++++------------------------------------
 1 file changed, 1536 insertions(+), 2183 deletions(-)

diff --git a/po/es.po b/po/es.po
index 1ab8e88af..e889e60f8 100644
--- a/po/es.po
+++ b/po/es.po
@@ -4,19 +4,22 @@
 #  I've tried to mantain the terminology used by Armando Ramos
 #  <armando@clerval.org> in his PGP 2.3.6i translation.
 #  I also got inspiration from it.po by Marco d'Itri <md@linux.it>
+#  Jaime Suárez <jaime.suma@gmail.com> 2017
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.0.9\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
 "PO-Revision-Date: 2017-11-02 17:39+0100\n"
-"Last-Translator: Jaime Suárez <jaime.suma@gmail.com>\n"
+"Last-Translator: emma peel <emma.peel@riseup.net>\n"
 "Language-Team: Spanish <es@li.org>\n"
 "Language: es\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "plural: Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 1.8.11\n"
 
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
@@ -29,41 +32,31 @@ msgstr "no pude conseguir el bloqueo de entrada de pin: %s\n"
 #. the second vertical bar.  Note that gpg-agent has been set to
 #. utf-8 so that the strings are in the expected encoding.
 msgid "|pinentry-label|_OK"
-msgstr "|entrada de pin-etiqueta|_OK"
+msgstr "|pinentry-label|_OK"
 
 msgid "|pinentry-label|_Cancel"
-msgstr "|entrada de pin-etiqueta|_Cancelar"
+msgstr "|pinentry-label|_Cancelar"
 
-#, fuzzy
-#| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_Yes"
-msgstr "|entrada de pin-etiqueta|_OK"
+msgstr "|pinentry-label|_Sí"
 
-#, fuzzy
-#| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_No"
-msgstr "|entrada de pin-etiqueta|_OK"
+msgstr "|pinentry-label|_No"
 
 msgid "|pinentry-label|PIN:"
-msgstr "|entrada de pin-etiqueta|PIN:"
+msgstr "|pinentry-label|PIN:"
 
-#, fuzzy
-#| msgid "|pinentry-label|_Cancel"
 msgid "|pinentry-label|_Save in password manager"
-msgstr "|entrada de pin-etiqueta|_Cancelar"
+msgstr "|pinentry-label|_Guardar en gestor de contraseñas"
 
-#, fuzzy
-#| msgid "Do you really want to create a sign and encrypt key? "
 msgid "Do you really want to make your passphrase visible on the screen?"
-msgstr "¿De verdad quiere crear una clave de firma y cifrado? "
+msgstr "¿De verdad quiere hacer que su frase contraseña se vea en la pantalla?"
 
 msgid "|pinentry-tt|Make passphrase visible"
-msgstr ""
+msgstr "|pinentry-tt|Mostrar frase contraseña"
 
-#, fuzzy
-#| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
-msgstr "frase contraseña incorrecta"
+msgstr "|pinentry-tt|Esconder frase contraseña"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
@@ -93,7 +86,7 @@ msgstr ""
 "de esta sesión"
 
 msgid "PIN:"
-msgstr ""
+msgstr "PIN:"
 
 # ¿Por qué no frase de paso?
 # Porque todo el mundo sabe lo que es una contraseña
@@ -107,6 +100,8 @@ msgstr ""
 msgid "Passphrase:"
 msgstr "Frase contraseña:"
 
+#. The re-entered one did not match and the user did not
+#. hit cancel.
 msgid "does not match - try again"
 msgstr "no coincide - reinténtelo"
 
@@ -118,7 +113,7 @@ msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (intento %d de %d)"
 
 msgid "Repeat:"
-msgstr ""
+msgstr "Repetir:"
 
 msgid "PIN too long"
 msgstr "PIN demasiado largo"
@@ -151,15 +146,13 @@ msgstr "Frase contraseña errónea"
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "no pueden usarse claves ssh de más de %d bits\n"
 
-#, fuzzy, c-format
-#| msgid "can't create `%s': %s\n"
+#, c-format
 msgid "can't create '%s': %s\n"
-msgstr "no se puede crear %s: %s\n"
+msgstr "no se puede crear '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't open `%s': %s\n"
+#, c-format
 msgid "can't open '%s': %s\n"
-msgstr "no se puede abrir `%s': %s\n"
+msgstr "no se puede abrir '%s': %s\n"
 
 #, c-format
 msgid "error getting serial number of card: %s\n"
@@ -169,52 +162,47 @@ msgstr "error obteniendo el número de serie de la tarjeta: %s\n"
 msgid "detected card with S/N: %s\n"
 msgstr "detectada tarjeta con S/N: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error getting default authentication keyID of card: %s\n"
+#, c-format
 msgid "no authentication key for ssh on card: %s\n"
-msgstr ""
-"error obteniendo ID de la clave por defecto para autenticaren la tarjeta: "
-"%s\n"
+msgstr "no tenemos clave de certificación para ssh en la tarjeta: %s\n"
 
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "no se encuentra una clave de tarjeta adecuada: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error getting stored flags: %s\n"
+#, c-format
 msgid "error getting list of cards: %s\n"
-msgstr "error obteniendo parámetros almacenados: %s\n"
+msgstr "error intentando obtener lista de tarjetas: %s\n"
 
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
+"Un proceso ssh requirió el uso de la clave%%0A  %s%%0A  (%s)%%0A¿Quiere "
+"permitirlo?"
 
 msgid "Allow"
-msgstr ""
+msgstr "Permitir"
 
 msgid "Deny"
-msgstr ""
+msgstr "Denegar"
 
-#, fuzzy, c-format
-#| msgid "Please enter the passphrase for the ssh key%0A  %c"
+#, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
-msgstr "Por favor introduzca la frase contraseña para la clave ssh%0A %c"
+msgstr ""
+"Por favor introduzca la frase contraseña para la clave ssh %%0A %F%%0A  (%c)"
 
 msgid "Please re-enter this passphrase"
 msgstr "Por favor vuelva a introducir frase contraseña"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "Please enter a passphrase to protect the received secret key%%0A   %s"
-#| "%%0Awithin gpg-agent's key storage"
+#, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr ""
-"Por favor introduzca una frase contraseña para proteger la clave "
-"secretarecibida%%0A  %s%%0Aen el almacen de claves del agente gpg"
+"Por favor introduzca una frase contraseña para proteger la clave secreta "
+"recibida %%0A  %s%%0A  %s%%0A  en el almacén de claves del agente gpg"
 
 #, c-format
 msgid "failed to create stream from socket: %s\n"
@@ -237,10 +225,9 @@ msgstr "PUK"
 msgid "Reset Code"
 msgstr "Código de Reinicio"
 
-#, fuzzy, c-format
-#| msgid "%s%%0A%%0AUse the reader's keypad for input."
+#, c-format
 msgid "%s%%0A%%0AUse the reader's pinpad for input."
-msgstr "%s%%0A%%0AUse el teclado del lector como entrada."
+msgstr "%s%%0A%%0A Use el teclado del lector como entrada."
 
 msgid "Repeat this Reset Code"
 msgstr "Repita este Código de Reinicio"
@@ -296,53 +283,33 @@ msgstr ""
 msgid "Yes, protection is not needed"
 msgstr "Sí, no se necesita protección"
 
-#, fuzzy, c-format
-#| msgid "Name must be at least 5 characters long\n"
+#, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
-msgstr[0] "El nombre debe tener al menos 5 caracteres\n"
-msgstr[1] "El nombre debe tener al menos 5 caracteres\n"
+msgstr[0] "Una frase contraseña debe tener al menos %u caracter."
+msgstr[1] "Una frase contraseña debe tener al menos %u caracteres."
 
-#, fuzzy, c-format
-#| msgid ""
-#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
-#| "contain at least %u digit or%%0Aspecial character."
-#| msgid_plural ""
-#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
-#| "contain at least %u digits or%%0Aspecial characters."
+#, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 msgstr[0] ""
-"Aviso: Ha introducido una frase contraseña insegura.%%0AUna frasecontraseña "
-"debe tener al menos %u digito o%%0Acarácter especial."
+"Una frase contraseña debería tener al menos %u dígito o%%0A carácter "
+"especial."
 msgstr[1] ""
-"Aviso: Ha introducido una frase contraseña insegura.%%0AUna frasecontraseña "
-"debe tener al menos %u digitos o%%0Acaracteres especiales."
+"Una frase contraseña debe tener al menos %u dígitos o %%0A caracteres "
+"especiales."
 
-#, fuzzy, c-format
-#| msgid ""
-#| "Warning: You have entered an insecure passphrase.%%0AA passphrase may not "
-#| "be a known term or match%%0Acertain pattern."
+#, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
-"Aviso: ha introducido una frase contraseña insegura.%%0AUna frase contraseña "
-"no puede ser un término conocido%%0Ao ajustarse a cierto patrón."
+"Una frase contraseña no puede ser un término conocido%%0A o ajustarse a "
+"cierto patrón."
 
-#, fuzzy
-#| msgid ""
-#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
-#| "be at least %u character long."
-#| msgid_plural ""
-#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
-#| "be at least %u characters long."
 msgid "Warning: You have entered an insecure passphrase."
-msgstr ""
-"Aviso: ha introducido una frase contraseña insegura.%%0AUna frase contraseña "
-"debe tener al menos %u carácter."
+msgstr "Aviso: ha introducido una frase contraseña insegura."
 
-#, fuzzy, c-format
-#| msgid "Please enter the passphrase to%0Ato protect your new key"
+#, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Por favor introduzca frase contraseña para%0Aproteger su nueva clave"
 
@@ -362,10 +329,8 @@ msgstr "ejecutar en modo demonio (segundo plano)"
 msgid "run in server mode (foreground)"
 msgstr "ejecutar en modo servidor (primer plano)"
 
-#, fuzzy
-#| msgid "run in server mode"
 msgid "run in supervised mode"
-msgstr "ejecutar en modo servidor"
+msgstr "ejecutar en modo supervisado"
 
 msgid "verbose"
 msgstr "prolijo"
@@ -380,7 +345,7 @@ msgid "csh-style command output"
 msgstr "salida de datos estilo csh"
 
 msgid "|FILE|read options from FILE"
-msgstr "|FICHERO|lee opciones desde FICHERO"
+msgstr "|FILE|lee opciones desde FICHERO"
 
 msgid "do not detach from the console"
 msgstr "no independizarse de la consola"
@@ -397,10 +362,8 @@ msgstr "|PGM|usar PCM como programa SCdaemon"
 msgid "do not use the SCdaemon"
 msgstr "no usar SCdaemon"
 
-#, fuzzy
-#| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|accept some commands via NAME"
-msgstr "|NOMBRE|conectar al socket Assuan NOMBRE"
+msgstr "|NAME|aceptar algunos comandos via NAME"
 
 msgid "ignore requests to change the TTY"
 msgstr "ignorar peticiones de cambiar el TTY"
@@ -414,37 +377,29 @@ msgstr "|N|los PINs en la caché expiran en N segundos"
 msgid "do not use the PIN cache when signing"
 msgstr "no usar el caché de PINs al firmar"
 
-#, fuzzy
-#| msgid "do not allow the reuse of old passphrases"
 msgid "disallow the use of an external password cache"
-msgstr "no permite reusar antiguas frases contraseña"
+msgstr "no permitir el uso de un cache externo de contraseñas"
 
-#, fuzzy
-#| msgid "allow clients to mark keys as \"trusted\""
 msgid "disallow clients to mark keys as \"trusted\""
-msgstr "permitir que los clientes marquen claves como \"fiables\""
+msgstr "no permitir que los clientes marquen claves como \"confiables\""
 
 msgid "allow presetting passphrase"
 msgstr "permitir preestablecer frase contraseña"
 
 msgid "disallow caller to override the pinentry"
-msgstr ""
+msgstr "no permitir que el caller cambie la entrada de pin"
 
 msgid "allow passphrase to be prompted through Emacs"
-msgstr ""
+msgstr "permitir que Emacs pida la clave"
 
-#, fuzzy
-#| msgid "enable ssh-agent emulation"
 msgid "enable ssh support"
-msgstr "permitir emulación de ssh-agent"
+msgstr "permitir soporte de ssh-agent"
 
 msgid "|ALGO|use ALGO to show ssh fingerprints"
-msgstr ""
+msgstr "|ALGO|usar ALGO para mostrar las huellas digitales de ssh"
 
-#, fuzzy
-#| msgid "not supported"
 msgid "enable putty support"
-msgstr "no disponible"
+msgstr "habilitar soporte de putty"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
@@ -452,58 +407,46 @@ msgstr "no disponible"
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Por favor, informe de posibles \"bugs\" a <@EMAIL@>.\n"
 
-#, fuzzy
-#| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
-msgstr "Uso: gpgconf [opciones] (-h para ayuda)"
+msgstr "Uso: @GPG_AGENT@ [opciones] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg-agent [options] [command [args]]\n"
-#| "Secret key management for GnuPG\n"
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
-"Sintaxis: gpg-agent [opciones] [orden [argumentos]]\n"
-"Manejo de claves privadas por GnuPG\n"
+"Sintaxis: @GPG_AGENT@ [opciones] [orden [argumentos]]\n"
+"Manejo de claves privadas por @GNUPG@\n"
 
-#, fuzzy, c-format
-#| msgid "invalid debug-level `%s' given\n"
+#, c-format
 msgid "invalid debug-level '%s' given\n"
-msgstr "el nivel de depuración `%s` no es válido\n"
+msgstr "el nivel de depuración '%s' no es válido\n"
 
 msgid "selected digest algorithm is invalid\n"
 msgstr "el algoritmo de resumen seleccionado no inválido\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
+#, c-format
 msgid "Note: no default option file '%s'\n"
-msgstr "NOTA: no existe el fichero de opciones predefinido `%s'\n"
+msgstr "NOTA: no existe el fichero de opciones predeterminado '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
+#, c-format
 msgid "option file '%s': %s\n"
-msgstr "fichero de opciones `%s': %s\n"
+msgstr "fichero de opciones '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "reading options from `%s'\n"
+#, c-format
 msgid "reading options from '%s'\n"
-msgstr "leyendo opciones desde `%s'\n"
+msgstr "leyendo opciones de '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is a deprecated option\n"
+#, c-format
 msgid "Note: '%s' is not considered an option\n"
-msgstr "ATENCIÓN: \"%s\" es una opción obsoleta\n"
+msgstr "Atención: \"%s\" no se considera una opción\n"
 
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "no se puede crear el socket: %s\n"
 
-#, fuzzy, c-format
-#| msgid "socket name `%s' is too long\n"
+#, c-format
 msgid "socket name '%s' is too long\n"
-msgstr "el nombre de socket `%s' es demasiado largo\n"
+msgstr "el nombre de socket '%s' es demasiado largo\n"
 
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "ya hay un agente gpg ejecutándose - no se inicia otro\n"
@@ -511,40 +454,33 @@ msgstr "ya hay un agente gpg ejecutándose - no se inicia otro\n"
 msgid "error getting nonce for the socket\n"
 msgstr "error obteniendo valor único para el socket\n"
 
-#, fuzzy, c-format
-#| msgid "error binding socket to `%s': %s\n"
+#, c-format
 msgid "error binding socket to '%s': %s\n"
-msgstr "error enlazando el socket con `%s': %s\n"
+msgstr "error enlazando el socket con '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "Warning: unsafe permissions on %s \"%s\"\n"
+#, c-format
 msgid "can't set permissions of '%s': %s\n"
-msgstr "Aviso: permisos inseguros en %s \"%s\"\n"
+msgstr "no puedo cambiar los permisos de '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "listening on socket `%s'\n"
+#, c-format
 msgid "listening on socket '%s'\n"
-msgstr "escuchando el socket `%s'\n"
+msgstr "escuchando en el socket '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "can't create directory `%s': %s\n"
+#, c-format
 msgid "can't create directory '%s': %s\n"
-msgstr "no se puede crear el directorio `%s': %s\n"
+msgstr "no se puede crear el directorio '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "directory `%s' created\n"
+#, c-format
 msgid "directory '%s' created\n"
-msgstr "directorio `%s' creado\n"
+msgstr "creado el directorio '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "stat() failed for `%s': %s\n"
+#, c-format
 msgid "stat() failed for '%s': %s\n"
-msgstr "stat() falló para `%s': %s\n"
+msgstr "stat() falló para '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't use `%s' as home directory\n"
+#, c-format
 msgid "can't use '%s' as home directory\n"
-msgstr "no puede usar `%s' como directorio personal\n"
+msgstr "no puede usar '%s' como directorio personal\n"
 
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
@@ -566,10 +502,9 @@ msgstr "manejador ssh 0x%lx para el descriptor %d iniciado\n"
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "manejador ssh 0x%lx para el descriptor %d finalizado\n"
 
-#, fuzzy, c-format
-#| msgid "pth_select failed: %s - waiting 1s\n"
+#, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
-msgstr "pth_select falló: %s - espero 1s\n"
+msgstr "npth_pselect falló: %s - espero 1s\n"
 
 # msgstr "clave %08lX: %d nuevas subclaves\n"
 #, c-format
@@ -629,7 +564,7 @@ msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
-"Introduzca la frase contraseña para proteger el objeto importado en GnuPG"
+"Introduzca la frase contraseña para proteger el objeto importado en GnuPG."
 
 msgid ""
 "Please enter the passphrase or the PIN\n"
@@ -645,40 +580,36 @@ msgstr "cancelado\n"
 msgid "error while asking for the passphrase: %s\n"
 msgstr "error pidiendo la frase contraseña: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
+#, c-format
 msgid "error opening '%s': %s\n"
-msgstr "error abriendo `%s': %s\n"
+msgstr "error abriendo '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "file `%s', line %d: %s\n"
+#, c-format
 msgid "file '%s', line %d: %s\n"
-msgstr "fichero `%s', línea %d: %s\n"
+msgstr "fichero '%s', línea %d: %s\n"
 
-#, fuzzy, c-format
-#| msgid "statement \"%s\" ignored in `%s', line %d\n"
+#. Same file.
+#, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
-msgstr "declaración \"%s\" ignorada en `%s', línea %d\n"
+msgstr "declaración \"%s\" ignorada en '%s', línea %d\n"
 
-#, fuzzy, c-format
-#| msgid "system trustlist `%s' not available\n"
+#. A non existent system trustlist is not an error.
+#. Just print a note.
+#, c-format
 msgid "system trustlist '%s' not available\n"
-msgstr "la lista de confianza `%s' del sistema no está disponible\n"
+msgstr "la lista de confianza '%s' del sistema no está disponible\n"
 
-#, fuzzy, c-format
-#| msgid "bad fingerprint in `%s', line %d\n"
+#, c-format
 msgid "bad fingerprint in '%s', line %d\n"
-msgstr "huella digital incorrecta en `%s', línea %d\n"
+msgstr "huella digital incorrecta en '%s', línea %d\n"
 
-#, fuzzy, c-format
-#| msgid "invalid keyflag in `%s', line %d\n"
+#, c-format
 msgid "invalid keyflag in '%s', line %d\n"
-msgstr "opción de clave inválida en `%s', línea %d\n"
+msgstr "opción de clave inválida en '%s', línea %d\n"
 
-#, fuzzy, c-format
-#| msgid "error reading `%s', line %d: %s\n"
+#, c-format
 msgid "error reading '%s', line %d: %s\n"
-msgstr "error leyendo `%s', línea %d: %s\n"
+msgstr "error leyendo '%s', línea %d: %s\n"
 
 msgid "error reading list of trusted root certificates\n"
 msgstr "error leyendo la lista de certificados raíz fiables\n"
@@ -730,6 +661,7 @@ msgstr "Correcto"
 msgid "Wrong"
 msgstr "Incorrecto"
 
+#. No protection date known - must force passphrase change.
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
@@ -749,23 +681,26 @@ msgstr "Cambia la frase contraseña"
 msgid "I'll change it later"
 msgstr "La cambiaré más tarde"
 
-#, fuzzy, c-format
-#| msgid "Do you really want to delete the selected keys? (y/N) "
+#, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
-msgstr "¿De verdad quiere borrar las claves seleccionadas? (s/N) "
+msgstr ""
+"¿De verdad quiere borrar la clave identificada con el keygrip%%0A  %s%%0A  "
+"%%C%%0A?"
 
-#, fuzzy
-#| msgid "enable key"
 msgid "Delete key"
-msgstr "habilita clave"
+msgstr "Borrar clave"
 
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
+"Cuidado: ¡Esta clave también está listada para usarse con SSH!\n"
+"Borrarla puede remover tu capacidad de acceder a máquinas remotas."
 
+#. FIXME: We check the QBITS but print a message about the hash
+#. length.
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA necesita un resumen cuya longitud sea múltiplo de 8 bits\n"
 
@@ -773,41 +708,40 @@ msgstr "DSA necesita un resumen cuya longitud sea múltiplo de 8 bits\n"
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "la clave %s usa un hash inseguro (de %u bits)\n"
 
-#, fuzzy, c-format
-#| msgid "a %u bit hash is not valid for a %u bit %s key\n"
+#, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
-msgstr "un hash de %u bits no vale para %u bits de la clave %s\n"
+msgstr "un hash de %zu bits no vale para %u bits de la clave %s\n"
 
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "la comprobación de la firma creada falló: %s\n"
 
+#. Stub key.
 msgid "secret key parts are not available\n"
 msgstr "las partes de la clave privada no están disponibles\n"
 
-#, fuzzy, c-format
-#| msgid "protection algorithm %d%s is not supported\n"
+#, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
-msgstr "el algoritmo de protección %d%s no puede ser utilizado\n"
+msgstr "el algoritmo de llave pública %d (%s) no se puede usar\n"
 
-#, fuzzy, c-format
-#| msgid "protection algorithm %d%s is not supported\n"
+#. The algorithm numbers are Libgcrypt numbers but fortunately
+#. the OpenPGP algorithm numbers map one-to-one to the Libgcrypt
+#. numbers.
+#, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
-msgstr "el algoritmo de protección %d%s no puede ser utilizado\n"
+msgstr "el algoritmo de protección %d (%s) no se puede usar\n"
 
-#, fuzzy, c-format
-#| msgid "protection algorithm %d%s is not supported\n"
+#, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
-msgstr "el algoritmo de protección %d%s no puede ser utilizado\n"
+msgstr "el algoritmo de protección de hash %d (%s) no se puede usar\n"
 
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "error creando tubería: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating a pipe: %s\n"
+#, c-format
 msgid "error creating a stream for a pipe: %s\n"
-msgstr "error creando tubería: %s\n"
+msgstr "error creando stream para una tubería: %s\n"
 
 #, c-format
 msgid "error forking process: %s\n"
@@ -817,34 +751,29 @@ msgstr "error bifurcando procesos: %s\n"
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "fallo esperando que el proceso %d terminara: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error running `%s': probably not installed\n"
+#, c-format
 msgid "error running '%s': probably not installed\n"
-msgstr "error ejecutando `%s': probablemente no está instalado\n"
+msgstr "error al ejecutar '%s': probablemente no está instalado\n"
 
-#, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
+#, c-format
 msgid "error running '%s': exit status %d\n"
-msgstr "error ejecutando `%s': código de finalización %d\n"
+msgstr "error ejecutando '%s': código de salida %d\n"
 
-#, fuzzy, c-format
-#| msgid "error running `%s': terminated\n"
+#, c-format
 msgid "error running '%s': terminated\n"
-msgstr "error ejecutando `%s': terminado\n"
+msgstr "error al ejecutar '%s': terminado\n"
 
-#, fuzzy, c-format
-#| msgid "waiting for process %d to terminate failed: %s\n"
+#, c-format
 msgid "waiting for processes to terminate failed: %s\n"
-msgstr "fallo esperando que el proceso %d terminara: %s\n"
+msgstr "fallo esperando que el proceso termine: %s\n"
 
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "error obteniendo código de finalización del proceso: %d %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't connect to `%s': %s\n"
+#, c-format
 msgid "can't connect to '%s': %s\n"
-msgstr "no se puede conectar con `%s': %s\n"
+msgstr "no se puede conectar con '%s': %s\n"
 
 msgid "problem setting the gpg-agent options\n"
 msgstr "problema estableciendo opciones de gpg-agent\n"
@@ -861,15 +790,13 @@ msgstr "Aviso: propiedad insegura de %s \"%s\"\n"
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Aviso: permisos inseguros en %s \"%s\"\n"
 
-#, fuzzy, c-format
-#| msgid "waiting %d seconds for the agent to come up\n"
+#, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "esperando %d segundos para que el agente arranque\n"
+msgstr "esperando que el archivo '%s' esté disponible ...\n"
 
-#, fuzzy, c-format
-#| msgid "renaming `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
-msgstr "renombrando `%s' en `%s' fallo: %s\n"
+msgstr "renombrar '%s' a '%s' falló: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
 msgid "yes"
@@ -908,11 +835,11 @@ msgstr "cC"
 
 #, c-format
 msgid "out of core in secure memory while allocating %lu bytes"
-msgstr "agotado nucleo de memoria segura reservando %lu bytes"
+msgstr "agotado núcleo de memoria segura reservando %lu bytes"
 
 #, c-format
 msgid "out of core while allocating %lu bytes"
-msgstr "error de memoria reservando %lu bytes"
+msgstr "error de memoria al reservar %lu bytes"
 
 #, c-format
 msgid "error allocating enough memory: %s\n"
@@ -922,47 +849,38 @@ msgstr "error reservando memoria: %s\n"
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: opción obsoleta \"%s\" - no tiene efecto\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+#, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
-msgstr "ATENCIÓN: \"%s\" es una opción obsoleta - no tiene efecto\n"
+msgstr "ATENCIÓN: \"%s%s\" es una opción obsoleta - no tiene efecto\n"
 
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
-msgstr ""
+msgstr "etiqueta de debug '%s' ignorada\n"
 
-#, fuzzy, c-format
-#| msgid "no running gpg-agent - starting one\n"
+#, c-format
 msgid "no running gpg-agent - starting '%s'\n"
-msgstr "no hay gpg-agent en ejecución - inicando uno\n"
+msgstr "no hay gpg-agent en ejecución - iniciando '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "waiting %d seconds for the agent to come up\n"
+#, c-format
 msgid "waiting for the agent to come up ... (%ds)\n"
-msgstr "esperando %d segundos para que el agente arranque\n"
+msgstr "esperando que el agente arranque... ( %ds)\n"
 
 msgid "connection to agent established\n"
-msgstr ""
+msgstr "conexión establecida al agente\n"
 
-#, fuzzy
-#| msgid "can't connect to the dirmngr - trying fall back\n"
 msgid "connection to agent is in restricted mode\n"
-msgstr "no puedo conectar con el dirmngr - intentando retirada\n"
+msgstr "la conexión al agente está en modo restringido\n"
 
-#, fuzzy, c-format
-#| msgid "no running dirmngr - starting `%s'\n"
+#, c-format
 msgid "no running Dirmngr - starting '%s'\n"
-msgstr "no hay dirmngr en ejecución - iniciando `%s'\n"
+msgstr "no hay dirmngr en ejecución - iniciando '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "waiting %d seconds for the agent to come up\n"
+#, c-format
 msgid "waiting for the dirmngr to come up ... (%ds)\n"
-msgstr "esperando %d segundos para que el agente arranque\n"
+msgstr "esperando que el dirmngr arranque... ( %ds)\n"
 
-#, fuzzy
-#| msgid "can't connect to the dirmngr - trying fall back\n"
 msgid "connection to the dirmngr established\n"
-msgstr "no puedo conectar con el dirmngr - intentando retirada\n"
+msgstr "conexión establecida al dirmngr\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1086,7 +1004,7 @@ msgid "Included certificates"
 msgstr "Certificados incluidos"
 
 msgid "No audit log entries."
-msgstr "No auditar entradas de los logs"
+msgstr "No auditar entradas de los logs."
 
 msgid "Unknown operation"
 msgstr "Operación desconocida"
@@ -1097,10 +1015,9 @@ msgstr "Gpg-Agent utilizable"
 msgid "Dirmngr usable"
 msgstr "Dirmngr utilizable"
 
-#, fuzzy, c-format
-#| msgid "No help available for `%s'."
+#, c-format
 msgid "No help available for '%s'."
-msgstr "No hay ayuda disponible para `%s'."
+msgstr "No hay ayuda disponible para '%s'."
 
 msgid "ignoring garbage line"
 msgstr "ignorando línea con basura"
@@ -1124,10 +1041,8 @@ msgstr "palabra clave demasiado larga"
 msgid "missing argument"
 msgstr "falta el parámetro"
 
-#, fuzzy
-#| msgid "invalid armor"
 msgid "invalid argument"
-msgstr "armadura inválida"
+msgstr "parámetro incorrecto"
 
 msgid "invalid command"
 msgstr "orden inválida"
@@ -1145,10 +1060,9 @@ msgstr "opción inválida"
 msgid "missing argument for option \"%.50s\"\n"
 msgstr "falta parámetro para la opción \"%.50s\"\n"
 
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
+#, c-format
 msgid "invalid argument for option \"%.50s\"\n"
-msgstr "falta parámetro para la opción \"%.50s\"\n"
+msgstr "parámetro incorrecto para la opción \"%.50s\"\n"
 
 #, c-format
 msgid "option \"%.50s\" does not expect an argument\n"
@@ -1173,30 +1087,29 @@ msgstr "memoria desbordada\n"
 msgid "invalid option \"%.50s\"\n"
 msgstr "opción inválida \"%.50s\"\n"
 
-#, fuzzy, c-format
-#| msgid "conversion from `%s' to `%s' not available\n"
+#, c-format
 msgid "conversion from '%s' to '%s' not available\n"
-msgstr "la conversión de `%s' en `%s' no está disponible\n"
+msgstr "la conversión de '%s' a '%s' no está disponible\n"
 
 #, c-format
 msgid "iconv_open failed: %s\n"
 msgstr "iconv_open falló: %s\n"
 
-#, fuzzy, c-format
-#| msgid "conversion from `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "conversion from '%s' to '%s' failed: %s\n"
-msgstr "la conversión de `%s' en `%s' falló: %s\n"
+msgstr "la conversión de '%s' a '%s' falló: %s\n"
 
-#, fuzzy, c-format
-#| msgid "failed to create temporary file `%s': %s\n"
+#, c-format
 msgid "failed to create temporary file '%s': %s\n"
-msgstr "no se puede crear el fichero temporal `%s': %s\n"
+msgstr "no se pudo crear el fichero temporal '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing to `%s': %s\n"
+#, c-format
 msgid "error writing to '%s': %s\n"
-msgstr "error escribiendo en `%s': %s\n"
+msgstr "error escribiendo a '%s': %s\n"
 
+#. Note: It is unlikley that we get a race here unless a pid is
+#. reused too fast or a new process with the same pid as the one
+#. of the stale file tries to lock right at the same time as we.
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "borrando fichero de bloqueo residual (creado por %d)\n"
@@ -1206,12 +1119,11 @@ msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "esperando al bloqueo (que mantiene %d%s) %s...\n"
 
 msgid "(deadlock?) "
-msgstr "(¿bloqueo mutuo?)"
+msgstr "(¿bloqueo mutuo?) "
 
-#, fuzzy, c-format
-#| msgid "lock `%s' not made: %s\n"
+#, c-format
 msgid "lock '%s' not made: %s\n"
-msgstr "bloqueo `%s' no hecho: %s\n"
+msgstr "bloqueo '%s' no hecho: %s\n"
 
 #, c-format
 msgid "waiting for lock %s...\n"
@@ -1234,6 +1146,12 @@ msgstr "cabecera de armadura: "
 msgid "invalid clearsig header\n"
 msgstr "cabecera de firma clara inválida\n"
 
+#. Section 6.2: "Unknown keys should be reported to the user,
+#. but OpenPGP should continue to process the message."  Note
+#. that in a clearsigned message this applies to the signature
+#. part (i.e. "BEGIN PGP SIGNATURE") and not the signed data
+#. ("BEGIN PGP SIGNED MESSAGE").  The only key allowed in the
+#. signed data section is "Hash".
 msgid "unknown armor header: "
 msgstr "cabecera de armadura desconocida: "
 
@@ -1243,6 +1161,7 @@ msgstr "firmas en texto claro anidadas\n"
 msgid "unexpected armor: "
 msgstr "armadura inesperada: "
 
+#. Bad dash-escaping.
 msgid "invalid dash escaped line: "
 msgstr "Línea con guiones inválida: "
 
@@ -1282,10 +1201,9 @@ msgstr ""
 "caracter \"quoted printable\" en la armadura - probablemente se usó\n"
 "un MTA defectuoso\n"
 
-#, fuzzy, c-format
-#| msgid "not human readable"
+#, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
-msgstr "ilegible"
+msgstr "[ ilegible (%zu bytes: %s%s) ]"
 
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1303,19 +1221,12 @@ msgstr "un nombre de notación no debe contener más de un caracter '@'\n"
 msgid "a notation value must not use any control characters\n"
 msgstr "un valor de notación no debe usar ningún caracter de control\n"
 
-#, fuzzy
-#| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
-msgstr "un nombre de notación no debe contener más de un caracter '@'\n"
+msgstr "un nombre de notación no debe contener ningún caracter '='\n"
 
-#, fuzzy
-#| msgid ""
-#| "a notation name must have only printable characters or spaces, and end "
-#| "with an '='\n"
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr ""
-"un nombre de notación debe tener sólo caracteres imprimibles o espacios, y "
-"acabar con un '='\n"
+"un nombre de notación debe tener sólo caracteres imprimibles o espacios\n"
 
 msgid "WARNING: invalid notation data found\n"
 msgstr "ATENCIÓN: encontrados datos de notación inválidos\n"
@@ -1325,34 +1236,32 @@ msgid "failed to proxy %s inquiry to client\n"
 msgstr "fallo al hacer la petición proxy %s al cliente\n"
 
 msgid "Enter passphrase: "
-msgstr "Introduzca frase contraseña: "
+msgstr "Introduzca la frase contraseña: "
 
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
+#, c-format
 msgid "error getting version from '%s': %s\n"
-msgstr "error escribiendo anillo `%s': %s\n"
+msgstr "error intentando averiguar la versión de '%s': %s\n"
 
 #, c-format
 msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
+msgstr "el servidor '%s' es más viejo que nosotros (%s < %s)"
 
-#, fuzzy, c-format
-#| msgid "WARNING: "
+#, c-format
 msgid "WARNING: %s\n"
-msgstr "ATENCION: "
+msgstr "ATENCIÓN: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
+"Advertencia: Los servidores no mantenidos pueden carecer de importantes "
+"actualizaciones de seguridad.\n"
 
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
+#, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Por favor use la orden \"cambia\" primero.\n"
+msgstr "Atención: Usa el comando \"%s\" para reiniciarlos.\n"
 
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
+#, c-format
 msgid "%s is not compliant with %s mode\n"
-msgstr "%s aún no funciona con %s\n"
+msgstr "%s no funciona con el modo %s\n"
 
 #, c-format
 msgid "OpenPGP card not available: %s\n"
@@ -1414,15 +1323,13 @@ msgstr "Error: nombre combinado demasiado largo (máximo %d caracteres).\n"
 msgid "URL to retrieve public key: "
 msgstr "URL de donde recuperar la clave pública: "
 
-#, fuzzy, c-format
-#| msgid "error reading `%s': %s\n"
+#, c-format
 msgid "error reading '%s': %s\n"
-msgstr "error leyendo `%s': %s\n"
+msgstr "error al leer '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing `%s': %s\n"
+#, c-format
 msgid "error writing '%s': %s\n"
-msgstr "error escribiendo `%s': %s\n"
+msgstr "error al escribir '%s': %s\n"
 
 msgid "Login data (account name): "
 msgstr "Datos de login (nombre de la cuenta): "
@@ -1446,10 +1353,10 @@ msgid "Error: invalid response.\n"
 msgstr "Error: respuesta no válida.\n"
 
 msgid "CA fingerprint: "
-msgstr "Huella dactilar CA:"
+msgstr "Huella digital CA: "
 
 msgid "Error: invalid formatted fingerprint.\n"
-msgstr "Error: formato inválido de huella dactilar.\n"
+msgstr "Error: formato inválido de huella digital.\n"
 
 #, c-format
 msgid "key operation not possible: %s\n"
@@ -1475,105 +1382,63 @@ msgstr ""
 "      la documentación de su tarjeta para ver los tamaños posibles.\n"
 
 #, c-format
-msgid "What keysize do you want? (%u) "
-msgstr "¿De qué tamaño quiere la clave? (%u) "
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "¿De qué tamaño quiere la clave de Firmado? (%u) "
 
 #, c-format
-msgid "rounded up to %u bits\n"
-msgstr "redondeados a %u bits\n"
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "¿De qué tamaño quiere la clave de Cifrado? (%u) "
 
 #, c-format
-msgid "%s keysizes must be in the range %u-%u\n"
-msgstr "los tamaños de claves %s deben estar en el rango %u-%u\n"
-
-msgid "Changing card key attribute for: "
-msgstr ""
-
-#, fuzzy
-#| msgid "   (1) Signature key\n"
-msgid "Signature key\n"
-msgstr "    (1) Clave de firmado\n"
-
-#, fuzzy
-#| msgid "   (2) Encryption key\n"
-msgid "Encryption key\n"
-msgstr "   (2) Clave de cifrado\n"
-
-#, fuzzy
-#| msgid "   (3) Authentication key\n"
-msgid "Authentication key\n"
-msgstr "   (3) Clave de autentificación\n"
-
-msgid "Please select what kind of key you want:\n"
-msgstr "Por favor seleccione tipo de clave deseado:\n"
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "¿De qué tamaño quiere la clave de Autenticación? (%u) "
 
+#. Use default.
 #, c-format
-msgid "   (%d) RSA\n"
-msgstr "   (%d) RSA\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Ahora la tarjeta se reconfigurará para generar una clave de tipo: %s\n"
 
-#, fuzzy, c-format
-#| msgid "   (%d) DSA and Elgamal\n"
-msgid "   (%d) ECC\n"
-msgstr "   (%d) DSA y ElGamal\n"
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "redondeados a %u bits\n"
 
-msgid "Invalid selection.\n"
-msgstr "Elección inválida.\n"
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "los tamaños de claves %s deben estar en el rango %u-%u\n"
 
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Ahora la tarjeta se reconfigurará para generar una clave de %u bits\n"
 
-#, fuzzy, c-format
-#| msgid "The card will now be re-configured to generate a key of %u bits\n"
-msgid "The card will now be re-configured to generate a key of type: %s\n"
-msgstr "Ahora la tarjeta se reconfigurará para generar una clave de %u bits\n"
-
-#, fuzzy, c-format
-#| msgid "error changing size of key %d to %u bits: %s\n"
-msgid "error changing key attribute for key %d: %s\n"
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
 msgstr "error cambiando el tamaño de la clave %d a %u bits: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error getting current key info: %s\n"
-msgid "error getting card info: %s\n"
-msgstr "error obteniendo la información actual de la clave: %s\n"
-
-#, fuzzy
-#| msgid "This command is not allowed while in %s mode.\n"
-msgid "This command is not supported by this card\n"
-msgstr "Esta orden no se permite en modo %s.\n"
-
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
-"¿Hacer copia de seguridad externa a la tarjeta de clave de cifrado? (S/n)"
+"¿Hacer copia de seguridad externa a la tarjeta de clave de cifrado? (S/n) "
 
-#, fuzzy
-#| msgid "NOTE: keys are already stored on the card!\n"
 msgid "Note: keys are already stored on the card!\n"
-msgstr "NOTA: ¡claves ya almacenadas en la tarjeta!\n"
+msgstr "NOTA: ¡ya hay claves almacenadas en la tarjeta!\n"
 
 msgid "Replace existing keys? (y/N) "
 msgstr "¿Reemplazar las claves existentes? (s/N) "
 
-#, fuzzy, c-format
-#| msgid ""
-#| "Please note that the factory settings of the PINs are\n"
-#| "   PIN = `%s'     Admin PIN = `%s'\n"
-#| "You should change them using the command --change-pin\n"
+#, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
 "   PIN = '%s'     Admin PIN = '%s'\n"
 "You should change them using the command --change-pin\n"
 msgstr ""
-"Por favor observe que los valores de fábrica del PIN son\n"
-"   PIN = `%s'     PIN Administrador = `%s'\n"
+"Ten en cuenta que los valores de fábrica del PIN son\n"
+"   PIN = '%s'     PIN Administrador = '%s'\n"
 "Debería cambiarlos usando la orden --change-pin\n"
 
 msgid "Please select the type of key to generate:\n"
 msgstr "Por favor seleccione tipo de clave que generar:\n"
 
 msgid "   (1) Signature key\n"
-msgstr "    (1) Clave de firmado\n"
+msgstr "   (1) Clave de firmado\n"
 
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Clave de cifrado\n"
@@ -1581,34 +1446,34 @@ msgstr "   (2) Clave de cifrado\n"
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Clave de autentificación\n"
 
+#. Okay.
+msgid "Invalid selection.\n"
+msgstr "Elección inválida.\n"
+
 msgid "Please select where to store the key:\n"
 msgstr "Por favor elija donde guardar la clave:\n"
 
-#, fuzzy, c-format
-#| msgid "read failed: %s\n"
+#, c-format
 msgid "KEYTOCARD failed: %s\n"
-msgstr "lectura fallida: %s\n"
+msgstr "KEYTOCARD fallido: %s\n"
+
+#. Note: We won't see status-indicator 3 here because it is not
+#. possible to select a card application in termination state.
+msgid "This command is not supported by this card\n"
+msgstr "Esta orden no se puede usar con esta tarjeta\n"
 
-#, fuzzy
-#| msgid "NOTE: keys are already stored on the card!\n"
 msgid "Note: This command destroys all keys stored on the card!\n"
-msgstr "NOTA: ¡claves ya almacenadas en la tarjeta!\n"
+msgstr ""
+"NOTA: ¡Esta orden destruye todas las claves almacenadas en la tarjeta!\n"
 
-#, fuzzy
-#| msgid "Sign it? (y/N) "
 msgid "Continue? (y/N) "
-msgstr "¿Firmarlo? (s/N) "
+msgstr "¿Continuar? (s/N) "
 
 msgid "Really do a factory reset? (enter \"yes\") "
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "error closing %s: %s\n"
-msgid "error for setup KDF: %s\n"
-msgstr "error cerrando %s: %s\n"
+msgstr "¿Realmente quiere volver a los valores de fábrica? (escriba \"sí\") "
 
 msgid "quit this menu"
-msgstr "sale de este menú"
+msgstr "salir de este menú"
 
 msgid "show admin commands"
 msgstr "ver órdenes de administrador"
@@ -1638,7 +1503,7 @@ msgid "change card holder's sex"
 msgstr "cambiar sexo del titular de la tarjeta"
 
 msgid "change a CA fingerprint"
-msgstr "cambiar huella dactilar de una CA"
+msgstr "cambiar huella digital de una CA"
 
 msgid "toggle the signature force PIN flag"
 msgstr "cambiar estado de la opción forzar firma del PIN"
@@ -1656,17 +1521,7 @@ msgid "unblock the PIN using a Reset Code"
 msgstr "desbloquear PIN usando Código de Reinicio"
 
 msgid "destroy all keys and data"
-msgstr ""
-
-#, fuzzy
-#| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
-msgstr "|NOMBRE|usa NOMBRE como destinatario por defecto"
-
-#, fuzzy
-#| msgid "change the ownertrust"
-msgid "change the key attribute"
-msgstr "cambia valores de confianza"
+msgstr "destruir todas las claves y datos"
 
 msgid "gpg/card> "
 msgstr "gpg/tarjeta> "
@@ -1686,10 +1541,9 @@ msgstr "Orden inválida (pruebe \"help\")\n"
 msgid "--output doesn't work for this command\n"
 msgstr "--output no funciona con esta orden\n"
 
-#, fuzzy, c-format
-#| msgid "can't open `%s'\n"
+#, c-format
 msgid "can't open '%s'\n"
-msgstr "no se puede abrir `%s'\n"
+msgstr "no se puede abrir '%s'\n"
 
 #, c-format
 msgid "key \"%s\" not found: %s\n"
@@ -1699,10 +1553,9 @@ msgstr "clave \"%s\" no encontrada: %s\n"
 msgid "error reading keyblock: %s\n"
 msgstr "error leyendo bloque de claves: %s\n"
 
-#, fuzzy, c-format
-#| msgid "key \"%s\" not found: %s\n"
+#, c-format
 msgid "key \"%s\" not found\n"
-msgstr "clave \"%s\" no encontrada: %s\n"
+msgstr "clave \"%s\" no encontrada\n"
 
 msgid "(unless you specify the key by fingerprint)\n"
 msgstr "(excepto si especifica la clave dando su huella digital)\n"
@@ -1716,18 +1569,15 @@ msgstr "¿Eliminar esta clave del anillo? (s/N) "
 msgid "This is a secret key! - really delete? (y/N) "
 msgstr "¡Es una clave secreta! ¿Eliminar realmente? (s/N) "
 
-#, fuzzy, c-format
-#| msgid "deleting certificate \"%s\" failed: %s\n"
+#, c-format
 msgid "deleting secret %s failed: %s\n"
-msgstr "borrado del certificado \"%s\" fallido: %s\n"
+msgstr "ha fallado el borrado del secreto %s: %s\n"
 
 msgid "key"
 msgstr "clave"
 
-#, fuzzy
-#| msgid "Pubkey: "
 msgid "subkey"
-msgstr "Clave pública: "
+msgstr "subclave"
 
 #, c-format
 msgid "deleting keyblock failed: %s\n"
@@ -1754,20 +1604,17 @@ msgstr "no puede usar un paquete simétrico ESK debido al modo S2K\n"
 msgid "using cipher %s\n"
 msgstr "usando cifrado %s\n"
 
-#, fuzzy, c-format
-#| msgid "`%s' already compressed\n"
+#, c-format
 msgid "'%s' already compressed\n"
-msgstr "`%s' ya está comprimido\n"
+msgstr "'%s' ya está comprimido\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: `%s' is an empty file\n"
+#, c-format
 msgid "WARNING: '%s' is an empty file\n"
-msgstr "ATENCIÓN `%s' es un fichero vacío\n"
+msgstr "ATENCIÓN '%s' es un fichero vacío\n"
 
-#, fuzzy, c-format
-#| msgid "reading from `%s'\n"
+#, c-format
 msgid "reading from '%s'\n"
-msgstr "leyendo desde `%s'\n"
+msgstr "leyendo desde '%s'\n"
 
 #, c-format
 msgid ""
@@ -1776,15 +1623,15 @@ msgstr ""
 "AVISO: forzar el cifrado simétrico %s (%d) viola las preferencias\n"
 "del destinatario\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+#, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
-msgstr "no puede usar el cifrado `%s' en modo %s\n"
+msgstr "no se puede usar el cifrado '%s' en modo %s\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+#, c-format
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "ATENCIÓN: \"%s\" es una opción obsoleta - no tiene efecto\n"
+msgstr ""
+"ATENCIÓN: la clave %s no es adecuada para la encriptación en modo %s\n"
+"\n"
 
 #, c-format
 msgid ""
@@ -1804,10 +1651,9 @@ msgstr ""
 msgid "%s/%s encrypted for: \"%s\"\n"
 msgstr "%s/%s cifrado para: \"%s\"\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "option '%s' may not be used in %s mode\n"
-msgstr "no puede usar %s en modo %s\n"
+msgstr "no se puede usar la opción '%s' en modo %s\n"
 
 #, c-format
 msgid "%s encrypted data\n"
@@ -1839,15 +1685,13 @@ msgstr ""
 "esta plataforma necesita ficheros temporales para llamar a programas "
 "externos\n"
 
-#, fuzzy, c-format
-#| msgid "unable to execute program `%s': %s\n"
+#, c-format
 msgid "unable to execute program '%s': %s\n"
-msgstr "no se puede ejecutar el programa `%s': %s\n"
+msgstr "no se puede ejecutar el programa '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "unable to execute shell `%s': %s\n"
+#, c-format
 msgid "unable to execute shell '%s': %s\n"
-msgstr "no se puede ejecutar el intérprete de órdenes `%s': %s\n"
+msgstr "no se puede ejecutar el intérprete de órdenes '%s': %s\n"
 
 #, c-format
 msgid "system error while calling external program: %s\n"
@@ -1863,15 +1707,13 @@ msgstr "no se puede ejecutar el programa externo\n"
 msgid "unable to read external program response: %s\n"
 msgstr "no se puede leer la respuesta del programa externo: %s\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+#, c-format
 msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVISO: no se puede borrar fichero temporal (%s) `%s': %s\n"
+msgstr "AVISO: no se puede borrar fichero temporal (%s) '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+#, c-format
 msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVISO: no se puede borrar el fichero temporal `%s': %s\n"
+msgstr "AVISO: no se puede borrar el directorio temporal '%s': %s\n"
 
 msgid "export signatures that are marked as local-only"
 msgstr "exportar firmas marcadas como sólo locales"
@@ -1889,18 +1731,18 @@ msgid "remove as much as possible from key during export"
 msgstr "borrar tanto como sea posible de la clave al exportar"
 
 msgid "use the GnuPG key backup format"
-msgstr ""
+msgstr "usar el formato de backup de claves GnuPG"
 
-#, fuzzy
-#| msgid "%s: skipped: %s\n"
 msgid " - skipped"
-msgstr "%s: omitido: %s\n"
+msgstr " - omitido"
 
-#, fuzzy, c-format
-#| msgid "writing to `%s'\n"
+#, c-format
 msgid "writing to '%s'\n"
-msgstr "escribiendo en `%s'\n"
+msgstr "escribiendo en '%s'\n"
 
+#. It does not make sense to export a key with its
+#. * primary key on card using a non-key stub.  Thus we
+#. * skip those keys when used with --export-secret-subkeys.
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "clave %s: material de la clave en la tarjeta - omitida\n"
@@ -1915,63 +1757,59 @@ msgstr "clave %s: clave estilo PGP 2.x - omitida\n"
 msgid "WARNING: nothing exported\n"
 msgstr "ATENCIÓN: no se ha exportado nada\n"
 
-#, fuzzy, c-format
-#| msgid "error creating `%s': %s\n"
+#, c-format
 msgid "error creating '%s': %s\n"
-msgstr "error creando `%s': %s\n"
+msgstr "error al crear '%s': %s\n"
 
 msgid "[User ID not found]"
 msgstr "[ID de usuario no encontrado]"
 
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
+#, c-format
 msgid "(check argument of option '%s')\n"
-msgstr "falta parámetro para la opción \"%.50s\"\n"
+msgstr "(revisar el parámetro de la opción '%s')\n"
 
 #, c-format
 msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
 msgstr ""
+"Atención: '%s' debería ser un identificador largo de usuario o una huella "
+"digital\n"
 
-#, fuzzy, c-format
-#| msgid "error closing %s: %s\n"
+#, c-format
 msgid "error looking up: %s\n"
-msgstr "error cerrando %s: %s\n"
+msgstr "error al buscar: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
+#, c-format
 msgid "Warning: %s appears in the keyring %d times\n"
-msgstr "error escribiendo anillo `%s': %s\n"
+msgstr ""
+"Advertencia: %s aparece %d veces en el anillo de claves\n"
+"\n"
 
-#, fuzzy, c-format
-#| msgid "automatically retrieved `%s' via %s\n"
+#, c-format
 msgid "automatically retrieved '%s' via %s\n"
-msgstr "recuperado automáticamente `%s' vía %s\n"
+msgstr "'%s' recuperado automáticamente vía %s\n"
 
-#, fuzzy, c-format
-#| msgid "error retrieving `%s' via %s: %s\n"
+#, c-format
 msgid "error retrieving '%s' via %s: %s\n"
-msgstr "error recuperando `%s' vía %s: %s\n"
+msgstr "error recuperando '%s' vía %s: %s\n"
 
 msgid "No fingerprint"
-msgstr "No hay huella dactilar"
+msgstr "No hay huella digital"
 
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "clave secreta \"%s\" no encontrada: %s\n"
 
-#, fuzzy, c-format
-#| msgid "|NAME|use NAME as default secret key"
+#, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
-msgstr "|NOMBRE|usa NOMBRE como clave secreta por defecto"
+msgstr "Advertencia: no estamos usando '%s' como clave predeterminada: %s\n"
 
-#, fuzzy, c-format
-#| msgid "|NAME|use NAME as default secret key"
+#, c-format
 msgid "using \"%s\" as default secret key for signing\n"
-msgstr "|NOMBRE|usa NOMBRE como clave secreta por defecto"
+msgstr "usando \"%s\" como clave secreta predeterminada para firmar\n"
 
 #, c-format
 msgid "all values passed to '%s' ignored\n"
-msgstr ""
+msgstr "todos los valores pasados a '%s' ignorados\n"
 
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
@@ -1981,10 +1819,9 @@ msgstr "Clave %s inválida hecha válida mediante --allow-non-selfsigned-uid\n"
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "usando subclave %s en vez de clave primaria %s\n"
 
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
+#, c-format
 msgid "valid values for option '%s':\n"
-msgstr "falta parámetro para la opción \"%.50s\"\n"
+msgstr "parámetros válidos para la opción '%s':\n"
 
 msgid "make a signature"
 msgstr "crea una firma"
@@ -1992,6 +1829,7 @@ msgstr "crea una firma"
 msgid "make a clear text signature"
 msgstr "crea una firma en texto claro"
 
+#. ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature") ),
 msgid "make a detached signature"
 msgstr "crea una firma separada"
 
@@ -2001,6 +1839,7 @@ msgstr "cifra datos"
 msgid "encryption only with symmetric cipher"
 msgstr "cifra sólo con un cifrado simétrico"
 
+#. ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
 msgid "decrypt data (default)"
 msgstr "descifra datos (predefinido)"
 
@@ -2025,28 +1864,20 @@ msgstr "lista claves secretas"
 msgid "generate a new key pair"
 msgstr "genera un nuevo par de claves"
 
-#, fuzzy
-#| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
-msgstr "genera un nuevo par de claves"
+msgstr "genera un nuevo par de claves en modo rápido"
 
-#, fuzzy
-#| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
-msgstr "genera un nuevo par de claves"
+msgstr "añade una nueva id de usuario en modo rápido"
 
-#, fuzzy
-#| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
-msgstr "genera un nuevo par de claves"
+msgstr "revoca una id de usuario en modo rápido"
 
-#, fuzzy
-#| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
-msgstr "genera un nuevo par de claves"
+msgstr "cambia la fecha de caducidad de modo rápido"
 
 msgid "full featured key pair generation"
-msgstr ""
+msgstr "generación de claves con todas las funcionalidades"
 
 msgid "generate a revocation certificate"
 msgstr "genera un certificado de revocación"
@@ -2057,15 +1888,11 @@ msgstr "elimina claves del anillo público"
 msgid "remove keys from the secret keyring"
 msgstr "elimina claves del anillo privado"
 
-#, fuzzy
-#| msgid "sign a key"
 msgid "quickly sign a key"
-msgstr "firma la clave"
+msgstr "firma una clave en modo rápido"
 
-#, fuzzy
-#| msgid "sign a key locally"
 msgid "quickly sign a key locally"
-msgstr "firma la clave localmente"
+msgstr "firma una clave localmente en modo rápido"
 
 msgid "sign a key"
 msgstr "firma la clave"
@@ -2116,16 +1943,16 @@ msgid "run in server mode"
 msgstr "ejecutar en modo servidor"
 
 msgid "|VALUE|set the TOFU policy for a key"
-msgstr ""
+msgstr "|VALUE|decide la política TOFU de una clave"
 
 msgid "create ascii armored output"
 msgstr "crea una salida ascii con armadura"
 
 msgid "|USER-ID|encrypt for USER-ID"
-msgstr "|ID-USUARIO|cifra para ID-USUARIO"
+msgstr "|USER-ID|cifra para ID-USUARIO"
 
 msgid "|USER-ID|use USER-ID to sign or decrypt"
-msgstr "|ID-USUARIO|usa este identificador para firmar o descifrar"
+msgstr "|USER-ID|usa este identificador para firmar o descifrar"
 
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|nivel de compresión N (0 desactiva)"
@@ -2134,7 +1961,7 @@ msgid "use canonical text mode"
 msgstr "usa modo de texto canónico"
 
 msgid "|FILE|write output to FILE"
-msgstr "|FICHERO|volcar salida en FICHERO"
+msgstr "|FILE|volcar salida en FICHERO"
 
 msgid "do not make any changes"
 msgstr "no hace ningún cambio"
@@ -2156,16 +1983,6 @@ msgstr ""
 "@\n"
 "(Véase en la página del manual la lista completo de órdenes y opciones)\n"
 
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "Examples:\n"
-#| "\n"
-#| " -se -r Bob [file]          sign and encrypt for user Bob\n"
-#| " --clear-sign [file]         make a clear text signature\n"
-#| " --detach-sign [file]       make a detached signature\n"
-#| " --list-keys [names]        show keys\n"
-#| " --fingerprint [names]      show fingerprints\n"
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2185,22 +2002,15 @@ msgstr ""
 " --list-keys [nombres]      muestra las claves\n"
 " --fingerprint [nombres]    muestra las huellas dactilares\n"
 
-#, fuzzy
-#| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
-msgstr "Uso: gpg [opciones] [ficheros] (-h para ayuda)"
+msgstr "Uso: @GPG@ [opciones] [ficheros] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg [options] [files]\n"
-#| "sign, check, encrypt or decrypt\n"
-#| "default operation depends on the input data\n"
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
 "Default operation depends on the input data\n"
 msgstr ""
-"Sintaxis: gpg [opciones] [ficheros]\n"
+"Sintaxis: @GPG@ [opciones] [ficheros]\n"
 "firma, comprueba, cifra o descifra\n"
 "la operación por defecto depende de los datos de entrada\n"
 
@@ -2223,102 +2033,82 @@ msgstr "Resumen: "
 msgid "Compression: "
 msgstr "Compresión: "
 
-#, fuzzy, c-format
-#| msgid "usage: gpgsm [options] "
+#, c-format
 msgid "usage: %s [options] %s\n"
-msgstr "uso: gpgsm [opciones] "
+msgstr "uso: %s [opciones] %s\n"
 
 msgid "conflicting commands\n"
 msgstr "órdenes incompatibles\n"
 
-#, fuzzy, c-format
-#| msgid "no = sign found in group definition `%s'\n"
+#, c-format
 msgid "no = sign found in group definition '%s'\n"
-msgstr "no se encontró el signo = en la definición de grupo `%s'\n"
+msgstr "no se encontró el signo = en la definición de grupo '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe ownership on homedir `%s'\n"
+#, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
-msgstr "AVISO: propiedad insegura del directorio personal `%s'\n"
+msgstr "AVISO: propiedad insegura del directorio personal '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+#, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
-msgstr "AVISO: propiedad insegura del fichero de configuración `%s'\n"
+msgstr "AVISO: propiedad insegura del fichero de configuración '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe ownership on extension `%s'\n"
+#, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
-msgstr "AVISO: propiedad insegura de la extensión `%s'\n"
+msgstr "AVISO: propiedad insegura de la extensión '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe permissions on homedir `%s'\n"
+#, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
-msgstr "AVISO: permisos inseguros del directorio personal `%s'\n"
+msgstr "AVISO: permisos inseguros del directorio personal '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+#, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
-msgstr "AVISO: permisos inseguros del fichero de configuración `%s'\n"
+msgstr "AVISO: permisos inseguros del fichero de configuración '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe permissions on extension `%s'\n"
+#, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
-msgstr "AVISO: permisos inseguros de la extensión `%s'\n"
+msgstr "AVISO: permisos inseguros de la extensión '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+#, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
-msgstr "AVISO: propiedad insegura del directorio contenedor de `%s'\n"
+msgstr "AVISO: propiedad insegura del directorio contenedor de '%s'\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+#, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr ""
 "AVISO: propiedad insegura del directorio contenedor del fichero de\n"
-"configuración `%s'\n"
+"configuración '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+#, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
-"AVISO: propiedad insegura del directorio contenedor de la extensión `%s'\n"
+"AVISO: propiedad insegura del directorio contenedor de la extensión '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+#, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
-msgstr "AVISO: permisos inseguros del directorio contenedor de `%s'\n"
+msgstr "AVISO: permisos inseguros del directorio contenedor de '%s'\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "WARNING: unsafe enclosing directory permissions on configuration file `"
-#| "%s'\n"
+#, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr ""
 "AVISO: permisos inseguros del directorio contenedor del fichero de\n"
-"configuración `%s'\n"
+"configuración '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+#, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
-"AVISO: permisos inseguros del directorio contenedor de la extensión `%s'\n"
+"AVISO: permisos inseguros del directorio contenedor de la extensión '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "unknown configuration item `%s'\n"
+#, c-format
 msgid "unknown configuration item '%s'\n"
-msgstr "artículo de configuración desconocido `%s'\n"
+msgstr "artículo de configuración desconocido '%s'\n"
 
 msgid "display photo IDs during key listings"
 msgstr "mostrar foto IDs al listar claves"
 
-#, fuzzy
-#| msgid "show user ID validity during key listings"
 msgid "show key usage information during key listings"
-msgstr "mostrar validez de la ID de usuario al listar claves"
+msgstr "mostrar información de uso de las claves al listarlas"
 
 msgid "show policy URLs during signature listings"
 msgstr "mostrar URLS de política al listar firmas"
@@ -2350,48 +2140,36 @@ msgstr "mostrar nombre de los anillos de claves al listar claves"
 msgid "show expiration dates during signature listings"
 msgstr "mostrar fechas de caducidad al listar firmas"
 
-#, fuzzy, c-format
-#| msgid "unknown option `%s'\n"
+#, c-format
 msgid "unknown TOFU policy '%s'\n"
-msgstr "opción desconocida `%s'\n"
+msgstr "política TOFU desconocida '%s'\n"
 
 msgid "(use \"help\" to list choices)\n"
-msgstr ""
+msgstr "(usa \"ayuda\" para listar las opciones)\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: old default options file `%s' ignored\n"
+#, c-format
 msgid "Note: old default options file '%s' ignored\n"
-msgstr "NOTA: se ignora el antiguo fichero de opciones predefinidas `%s'\n"
+msgstr "NOTA: se ignora el antiguo fichero de opciones predefinidas '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: %s is not for normal use!\n"
+#, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTA: ¡%s no es para uso normal!\n"
 
-#, fuzzy, c-format
-#| msgid "`%s' is not a valid signature expiration\n"
+#, c-format
 msgid "'%s' is not a valid signature expiration\n"
-msgstr "`%s' no es una fecha de caducidad válida\n"
+msgstr "'%s' no es una fecha de caducidad de firma válida\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: not a valid email address\n"
+#, c-format
 msgid "\"%s\" is not a proper mail address\n"
-msgstr "línea %d: no es una dirección de email válida\n"
+msgstr "\"%s\" no es una dirección de email válida\n"
 
-#, fuzzy, c-format
-#| msgid "invalid country code in `%s', line %d\n"
+#, c-format
 msgid "invalid pinentry mode '%s'\n"
-msgstr "código de país inválido en `%s', línea %d\n"
-
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
-msgid "invalid request origin '%s'\n"
-msgstr "falta parámetro para la opción \"%.50s\"\n"
+msgstr "modo de entrada de pin inválido '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "`%s' is not a valid character set\n"
+#, c-format
 msgid "'%s' is not a valid character set\n"
-msgstr "`%s' no es un juego de caracteres válido\n"
+msgstr "'%s' no es un juego de caracteres válido\n"
 
 msgid "could not parse keyserver URL\n"
 msgstr "no se puede interpretar la URL del servidor de claves\n"
@@ -2410,10 +2188,9 @@ msgstr "%s:%d: opciones de importación inválidas\n"
 msgid "invalid import options\n"
 msgstr "opciones de importación inválidas\n"
 
-#, fuzzy, c-format
-#| msgid "invalid list options\n"
+#, c-format
 msgid "invalid filter option: %s\n"
-msgstr "lista de opciones inválida\n"
+msgstr "opción de filtro inválida: %s\n"
 
 #, c-format
 msgid "%s:%d: invalid export options\n"
@@ -2496,7 +2273,7 @@ msgid "%s makes no sense with %s!\n"
 msgstr "¡%s no tiene sentido con %s!\n"
 
 msgid "WARNING: running with faked system time: "
-msgstr "AVISO: ejecutándose con hora del sistema falsificada"
+msgstr "AVISO: ejecutándose con hora del sistema falsificada "
 
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
@@ -2526,8 +2303,6 @@ msgstr "default-cert-level inválido; debe ser 0, 1, 2, ó 3\n"
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "min-cert-level inválido; debe ser 0, 1, 2, ó 3\n"
 
-#, fuzzy
-#| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTA: el modo S2K simple (0) no es nada recomendable\n"
 
@@ -2550,15 +2325,13 @@ msgstr "preferencias personales de compresión inválidas\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s aún no funciona con %s\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use digest algorithm `%s' while in %s mode\n"
+#, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
-msgstr "no puede usar el resumen `%s' en modo %s\n"
+msgstr "no puede usar el resumen '%s' en modo %s\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use compression algorithm `%s' while in %s mode\n"
+#, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
-msgstr "no puede usar la compresión `%s' en modo %s\n"
+msgstr "no puede usar la compresión '%s' en modo %s\n"
 
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
@@ -2567,24 +2340,21 @@ msgstr "inicialización de la base de datos de confianza fallida: %s\n"
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "AVISO: se indicaron receptores (-r) sin clave pública de cifrado\n"
 
-#, fuzzy, c-format
-#| msgid "symmetric encryption of `%s' failed: %s\n"
+#, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
-msgstr "el cifrado simétrico de `%s' falló: %s\n"
+msgstr "el cifrado simétrico de '%s' falló: %s\n"
 
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "no puede usar --symetric --encrypt con --s2k-mode 0\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
-msgstr "no puede usar --symetric --encrypt en modo %s\n"
+msgstr "no puede usar --symmetric --encrypt en modo %s\n"
 
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "no puede usar --symetric --sign --encrypt con --s2k-mode 0\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "no puede usar --symmetric --sign --encrypt en modo %s\n"
 
@@ -2600,10 +2370,9 @@ msgstr "recepción del servidor de claves fallida: %s\n"
 msgid "key export failed: %s\n"
 msgstr "exportación de clave fallida: %s\n"
 
-#, fuzzy, c-format
-#| msgid "key export failed: %s\n"
+#, c-format
 msgid "export as ssh key failed: %s\n"
-msgstr "exportación de clave fallida: %s\n"
+msgstr "exportación como clave ssh fallida: %s\n"
 
 #, c-format
 msgid "keyserver search failed: %s\n"
@@ -2621,22 +2390,22 @@ msgstr "eliminación de armadura fallida: %s\n"
 msgid "enarmoring failed: %s\n"
 msgstr "creación de armadura fallida: %s\n"
 
-#, fuzzy, c-format
-#| msgid "invalid hash algorithm `%s'\n"
+#, c-format
 msgid "invalid hash algorithm '%s'\n"
-msgstr "algoritmo de distribución inválido `%s'\n"
+msgstr "algoritmo de distribución inválido '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error parsing key specification '%s': %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error leyendo la especificación de clave '%s': %s\n"
 
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
-msgstr ""
+msgstr "'%s' no parece ser una ID de clave, huella digital o keygrip válido\n"
 
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
+"ADVERTENCIA: no se ha proporcionado ninguna orden. Intentando adivinar lo "
+"que quieres...\n"
 
 # Falta un espacio.
 # En español no se deja espacio antes de los puntos suspensivos
@@ -2655,16 +2424,16 @@ msgid "the given preferred keyserver URL is invalid\n"
 msgstr "la URL del servidor de claves preferido no es válida\n"
 
 msgid "|FILE|take the keys from the keyring FILE"
-msgstr "|FICHERO|tomar las claves del anillo FILE"
+msgstr "|FILE|tomar las claves del anillo FILE"
 
 msgid "make timestamp conflicts only a warning"
 msgstr "hacer que los conflictos de fecha-hora sean sólo un aviso"
 
 msgid "|FD|write status info to this FD"
-msgstr "|DF|escribe información de estado en este descriptor de fichero"
+msgstr "|FD|escribe información de estado en este descriptor de fichero"
 
 msgid "|ALGO|reject signatures made with ALGO"
-msgstr ""
+msgstr "|ALGO|rechaza firmas hechas con ALGO"
 
 msgid "Usage: gpgv [options] [files] (-h for help)"
 msgstr "Uso: gpgv [opciones] [ficheros] (-h para ayuda)"
@@ -2679,10 +2448,9 @@ msgstr ""
 msgid "No help available"
 msgstr "Ayuda no disponible"
 
-#, fuzzy, c-format
-#| msgid "No help available for `%s'"
+#, c-format
 msgid "No help available for '%s'"
-msgstr "No hay ayuda disponible para `%s'"
+msgstr "No hay ayuda disponible para '%s'"
 
 msgid "import signatures that are marked as local-only"
 msgstr "importar firmas marcadas como sólo locales"
@@ -2690,18 +2458,14 @@ msgstr "importar firmas marcadas como sólo locales"
 msgid "repair damage from the pks keyserver during import"
 msgstr "reparar daño del servidor de claves públicas al importar"
 
-#, fuzzy
-#| msgid "do not update the trustdb after import"
 msgid "do not clear the ownertrust values during import"
-msgstr "no actualiza la base de datos de confianza después de importar"
+msgstr "no limpiar los valores de confianza durante la importación"
 
 msgid "do not update the trustdb after import"
 msgstr "no actualiza la base de datos de confianza después de importar"
 
-#, fuzzy
-#| msgid "show key fingerprint"
 msgid "show key during import"
-msgstr "muestra huella dactilar de la clave"
+msgstr "mostrar la clave durante la importación"
 
 msgid "only accept updates to existing keys"
 msgstr "sólo aceptar actualizaciones de claves ya existentes"
@@ -2713,17 +2477,13 @@ msgid "remove as much as possible from key after import"
 msgstr "borrar tanto como sea posible de la clave tras importar"
 
 msgid "run import filters and export key immediately"
-msgstr ""
+msgstr "ejecutar filtros de importación y exportar clave inmediatamente"
 
-#, fuzzy
-#| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
-msgstr "asumir entrada en formato binario"
+msgstr "asumir entrada en formato de backup de clave GnuPG"
 
-#, fuzzy
-#| msgid "show key fingerprint"
 msgid "repair keys on import"
-msgstr "muestra huella dactilar de la clave"
+msgstr "reparar claves al importar"
 
 #, c-format
 msgid "skipping block of type %d\n"
@@ -2737,10 +2497,9 @@ msgstr "%lu claves procesadas hasta ahora\n"
 msgid "Total number processed: %lu\n"
 msgstr "Cantidad total procesada: %lu\n"
 
-#, fuzzy, c-format
-#| msgid "      skipped new keys: %lu\n"
+#, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
-msgstr "      omitidas nuevas claves: %lu\n"
+msgstr "      omitidas las claves PGP-2: %lu\n"
 
 #, c-format
 msgid "      skipped new keys: %lu\n"
@@ -2760,7 +2519,7 @@ msgstr "             sin cambios: %lu\n"
 
 #, c-format
 msgid "          new user IDs: %lu\n"
-msgstr "     nuevos identificativos: %lu\n"
+msgstr "          nuevos identificativos: %lu\n"
 
 #, c-format
 msgid "           new subkeys: %lu\n"
@@ -2768,23 +2527,23 @@ msgstr "           nuevas subclaves: %lu\n"
 
 #, c-format
 msgid "        new signatures: %lu\n"
-msgstr "              nuevas firmas: %lu\n"
+msgstr "        nuevas firmas: %lu\n"
 
 #, c-format
 msgid "   new key revocations: %lu\n"
-msgstr "        nuevas revocaciones de claves: %lu\n"
+msgstr "   nuevas revocaciones de claves: %lu\n"
 
 #, c-format
 msgid "      secret keys read: %lu\n"
-msgstr "     claves secretas leídas: %lu\n"
+msgstr "      claves secretas leídas: %lu\n"
 
 #, c-format
 msgid "  secret keys imported: %lu\n"
-msgstr " claves secretas importadas: %lu\n"
+msgstr "  claves secretas importadas: %lu\n"
 
 #, c-format
 msgid " secret keys unchanged: %lu\n"
-msgstr "claves secretas sin cambios: %lu\n"
+msgstr " claves secretas sin cambios: %lu\n"
 
 #, c-format
 msgid "          not imported: %lu\n"
@@ -2823,7 +2582,7 @@ msgstr "se recomienda encarecidamente que actualice sus preferencias y\n"
 
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
-"re-dustribuya esta clave para evitar potenciales problemas de\n"
+"redistribuya esta clave para evitar potenciales problemas de\n"
 "diferencias en los algoritmos.\n"
 
 #, c-format
@@ -2835,13 +2594,12 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "clave %s: sin identificador de usuario\n"
 
-#, fuzzy, c-format
-#| msgid "skipped \"%s\": %s\n"
+#, c-format
 msgid "key %s: %s\n"
-msgstr "omitido \"%s\": %s\n"
+msgstr "clave %s: %s\n"
 
 msgid "rejected by import screener"
-msgstr ""
+msgstr "rechazado por el filtro de importación"
 
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
@@ -2870,10 +2628,9 @@ msgstr "clave %s: clave nueva - omitida\n"
 msgid "no writable keyring found: %s\n"
 msgstr "anillo de claves no escribible encontrado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing keyring `%s': %s\n"
+#, c-format
 msgid "error writing keyring '%s': %s\n"
-msgstr "error escribiendo anillo `%s': %s\n"
+msgstr "error escribiendo anillo '%s': %s\n"
 
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
@@ -2931,27 +2688,27 @@ msgstr "clave %s: \"%s\" sin cambios\n"
 msgid "key %s: secret key imported\n"
 msgstr "clave %s: clave secreta importada\n"
 
-#, fuzzy, c-format
-#| msgid "skipped: secret key already present\n"
+#, c-format
 msgid "key %s: secret key already exists\n"
-msgstr "omitido: clave secreta ya presente\n"
+msgstr "clave %s: clave secreta ya existe\n"
 
-#, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
+#, c-format
 msgid "key %s: error sending to agent: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "clave %s: error enviando al agente: %s\n"
 
-#, fuzzy, c-format
-#| msgid "secret key \"%s\" not found: %s\n"
+#, c-format
 msgid "secret key %s: %s\n"
-msgstr "clave secreta \"%s\" no encontrada: %s\n"
+msgstr "clave secreta %s: %s\n"
 
+#. We don't allow importing secret keys because that may be used
+#. to put a secret key into the keyring and the user might later
+#. be tricked into signing stuff with that key.
 msgid "importing secret keys not allowed\n"
 msgstr "no se permite importar claves secretas\n"
 
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
-msgstr "clave %s: clave secreta con cifrado inválido %d - omitida\n"
+msgstr "clave %s: clave secreta con cifrado incorrecto %d - omitida\n"
 
 #. TRANSLATORS: For smartcard, each private key on
 #. host has a reference (stub) to a smartcard and
@@ -2965,7 +2722,7 @@ msgstr "clave %s: clave secreta con cifrado inválido %d - omitida\n"
 #. created again.
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
-msgstr ""
+msgstr "Para migrar '%s', para cada smartcard ejecuta: %s\n"
 
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
@@ -3043,7 +2800,7 @@ msgstr "clave %s: subclave omitida\n"
 
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
-msgstr "clave %s: firma no exportable (clase 0x%02x) - omitida\n"
+msgstr "clave %s: firma no exportable (clase 0x%02X) - omitida\n"
 
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
@@ -3059,7 +2816,7 @@ msgstr "clave %s: firma de subclave en lugar equivocado - omitida\n"
 
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
-msgstr "clave %s: firma de clase (0x%02x) inesperada - omitida\n"
+msgstr "clave %s: firma de clase (0x%02X) inesperada - omitida\n"
 
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
@@ -3083,35 +2840,29 @@ msgstr "clave %s: \"%s\" certificado de revocación añadido\n"
 msgid "key %s: direct key signature added\n"
 msgstr "clave %s: firma directa de clave añadida\n"
 
-#, fuzzy, c-format
-#| msgid "error creating keybox `%s': %s\n"
+#, c-format
 msgid "error creating keybox '%s': %s\n"
-msgstr "error creando caja de claves `%s': %s\n"
+msgstr "error al crear caja de claves '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
+#, c-format
 msgid "error creating keyring '%s': %s\n"
-msgstr "error escribiendo anillo `%s': %s\n"
+msgstr "error al crear anillo '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "keybox `%s' created\n"
+#, c-format
 msgid "keybox '%s' created\n"
-msgstr "caja de claves `%s' creada\n"
+msgstr "caja de claves '%s' creada\n"
 
-#, fuzzy, c-format
-#| msgid "keyring `%s' created\n"
+#, c-format
 msgid "keyring '%s' created\n"
-msgstr "anillo `%s' creado\n"
+msgstr "anillo '%s' creado\n"
 
-#, fuzzy, c-format
-#| msgid "keyblock resource `%s': %s\n"
+#, c-format
 msgid "keyblock resource '%s': %s\n"
-msgstr "recurso de bloque de claves: `%s': %s\n"
+msgstr "recurso de bloque de claves '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
+#, c-format
 msgid "error opening key DB: %s\n"
-msgstr "error abriendo `%s': %s\n"
+msgstr "error al abrir base de datos de claves: %s\n"
 
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
@@ -3136,11 +2887,11 @@ msgstr ""
 
 #, c-format
 msgid "  %d = I trust marginally\n"
-msgstr " %d = Confío un poco\n"
+msgstr "  %d = Confío un poco\n"
 
 #, c-format
 msgid "  %d = I trust fully\n"
-msgstr " %d = Confío totalmente\n"
+msgstr "  %d = Confío totalmente\n"
 
 msgid ""
 "Please enter the depth of this trust signature.\n"
@@ -3156,7 +2907,7 @@ msgstr "Introduzca un dominio para restringir esta firma, o intro para nada.\n"
 
 #, c-format
 msgid "Skipping user ID \"%s\", which is not a text ID.\n"
-msgstr ""
+msgstr "Salteando el ID de usuario \"%s\", que no es un ID de texto.\n"
 
 #, c-format
 msgid "User ID \"%s\" is revoked."
@@ -3178,7 +2929,7 @@ msgstr "ID de usuario \"%s\" no tiene autofirma."
 
 #, c-format
 msgid "User ID \"%s\" is signable.  "
-msgstr "ID de usuario \"%s\" puede firmarse."
+msgstr "ID de usuario \"%s\" puede firmarse.  "
 
 msgid "Sign it? (y/N) "
 msgstr "¿Firmarlo? (s/N) "
@@ -3205,6 +2956,8 @@ msgstr ""
 msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
 msgstr "¿Quiere producir una nueva firma que reemplace a la expirada? (s/N) "
 
+#. It's a local sig, and we want to make a
+#. exportable sig.
 #, c-format
 msgid ""
 "Your current signature on \"%s\"\n"
@@ -3266,10 +3019,8 @@ msgstr "   (2) He hecho una comprobación informal.%s\n"
 msgid "   (3) I have done very careful checking.%s\n"
 msgstr "   (3) Lo he comprobado meticulosamente.%s\n"
 
-#, fuzzy
-#| msgid "Your selection? (enter `?' for more information): "
 msgid "Your selection? (enter '?' for more information): "
-msgstr "¿Su elección? (escriba '?' si desea más información): "
+msgstr "¿Su elección? (escriba '?' para más información): "
 
 #, c-format
 msgid ""
@@ -3315,21 +3066,18 @@ msgstr ""
 "La clave tiene sólo un apuntador u objetos de clave en la propia tarjeta\n"
 "- no hay frase contraseña que cambiar.\n"
 
-#, fuzzy, c-format
-#| msgid "error creating passphrase: %s\n"
+#, c-format
 msgid "key %s: error changing passphrase: %s\n"
-msgstr "error creando frase contraseña: %s\n"
+msgstr "clave %s: error al cambiar frase contraseña: %s\n"
 
 msgid "save and quit"
 msgstr "graba y sale"
 
 msgid "show key fingerprint"
-msgstr "muestra huella dactilar de la clave"
+msgstr "muestra huella digital de la clave"
 
-#, fuzzy
-#| msgid "Enter the keygrip: "
 msgid "show the keygrip"
-msgstr "Introduzca keygrip: "
+msgstr "mostrar el keygrip"
 
 msgid "list key and user IDs"
 msgstr "lista clave e identificadores de usuario"
@@ -3346,6 +3094,9 @@ msgstr "comprueba firmas"
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "firmar IDs seleccionadas [* ver debajo órdenes relacionadas]"
 
+#. "lsign" and friends will never match since "sign" comes first
+#. and it is a tail match.  They are just here so they show up in
+#. the help menu.
 msgid "sign selected user IDs locally"
 msgstr "firma localmente los IDs de usuarios elegidos"
 
@@ -3439,38 +3190,29 @@ msgstr "compactar IDs inutilizables y borrar todas las firmas de la clave"
 msgid "Secret key is available.\n"
 msgstr "Clave secreta disponible.\n"
 
-#, fuzzy
-#| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
-msgstr "Clave secreta disponible.\n"
+msgstr "Subclaves secretas disponibles.\n"
 
 msgid "Need the secret key to do this.\n"
 msgstr "Se necesita la clave secreta para hacer esto.\n"
 
-#, fuzzy
-#| msgid ""
-#| "* The `sign' command may be prefixed with an `l' for local signatures "
-#| "(lsign),\n"
-#| "  a `t' for trust signatures (tsign), an `nr' for non-revocable "
-#| "signatures\n"
-#| "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
 "  a 't' for trust signatures (tsign), an 'nr' for non-revocable signatures\n"
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
-"* La orden `sign' (firmar) puede estar precedida por una 'l' para firmas\n"
-"locales (lsign), una 't' para firmas fiables (tsign), `nr' para firmas no\n"
+"* La orden 'sign' (firmar) puede estar precedida por una 'l' para firmas\n"
+"locales (lsign), una 't' para firmas fiables (tsign), 'nr' para firmas no\n"
 "revocables (nrsign) o cualquier combinación de ellas (ltsign, tnrsign, etc)\n"
 
 msgid "Key is revoked."
 msgstr "La clave está revocada."
 
-#, fuzzy
-#| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
-msgstr "¿Firmar realmente todos los IDs de usuario? (s/N) "
+msgstr ""
+"¿Firmar realmente todos los identificadores de usuario que son sólo texto? "
+"(s/N) "
 
 msgid "Really sign all user IDs? (y/N) "
 msgstr "¿Firmar realmente todos los IDs de usuario? (s/N) "
@@ -3478,10 +3220,9 @@ msgstr "¿Firmar realmente todos los IDs de usuario? (s/N) "
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Sugerencia: seleccione los identificadores de usuario que firmar\n"
 
-#, fuzzy, c-format
-#| msgid "Unknown signature type `%s'\n"
+#, c-format
 msgid "Unknown signature type '%s'\n"
-msgstr "Clase de firma desconocida `%s'\n"
+msgstr "Clase de firma desconocida '%s'\n"
 
 #, c-format
 msgid "This command is not allowed while in %s mode.\n"
@@ -3492,7 +3233,7 @@ msgstr "Debe seleccionar por lo menos un identificador de usuario.\n"
 
 #, c-format
 msgid "(Use the '%s' command.)\n"
-msgstr ""
+msgstr "(Use la orden '%s')\n"
 
 msgid "You can't delete the last user ID!\n"
 msgstr "¡No puede borrar el último identificador de usuario!\n"
@@ -3506,7 +3247,7 @@ msgstr "¿Borrar realmente este identificador de usuario? (s/N) "
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
 msgid "Really move the primary key? (y/N) "
-msgstr "¿Realmente cambiar de sitio la clave primaria? (s/N)"
+msgstr "¿Realmente cambiar de sitio la clave primaria? (s/N) "
 
 msgid "You must select exactly one key.\n"
 msgstr "Debe seleccionar exactamente una clave.\n"
@@ -3514,15 +3255,13 @@ msgstr "Debe seleccionar exactamente una clave.\n"
 msgid "Command expects a filename argument\n"
 msgstr "La orden espera un nombre de fichero como argumento\n"
 
-#, fuzzy, c-format
-#| msgid "Can't open `%s': %s\n"
+#, c-format
 msgid "Can't open '%s': %s\n"
-msgstr "No se puede abrir `%s': %s\n"
+msgstr "No se puede abrir '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "Error reading backup key from `%s': %s\n"
+#, c-format
 msgid "Error reading backup key from '%s': %s\n"
-msgstr "Error leyendo clave de respaldo desde `%s': %s\n"
+msgstr "Error leyendo clave de respaldo desde '%s': %s\n"
 
 msgid "You must select at least one key.\n"
 msgstr "Debe seleccionar por lo menos una clave.\n"
@@ -3543,7 +3282,7 @@ msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "¿De verdad quiere revocar la clave completa? (s/N) "
 
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
-msgstr "¿De verdad quiere revocar las subclaves seleccionadas? (s/N)"
+msgstr "¿De verdad quiere revocar las subclaves seleccionadas? (s/N) "
 
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "¿De verdad quiere revocar esta subclave? (s/N) "
@@ -3576,60 +3315,48 @@ msgstr "actualización fallida: %s\n"
 msgid "Key not changed so no update needed.\n"
 msgstr "Clave sin cambios, no se necesita actualización.\n"
 
-#, fuzzy
-#| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
-msgstr "¡No puede borrar el último identificador de usuario!\n"
+msgstr "no se puede revocar el último identificador de usuario válido\n"
 
-#, fuzzy, c-format
-#| msgid "checking the trust list failed: %s\n"
+#, c-format
 msgid "revoking the user ID failed: %s\n"
-msgstr "la comprobación de la lista de confianza falló: %s\n"
+msgstr "la revocación del identificador de usuario ha fallado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "checking the trust list failed: %s\n"
+#, c-format
 msgid "setting the primary user ID failed: %s\n"
-msgstr "la comprobación de la lista de confianza falló: %s\n"
+msgstr "la configuración del ID de usuario primario ha fallado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "invalid fingerprint"
+#, c-format
 msgid "\"%s\" is not a fingerprint\n"
-msgstr "huella dactilar no válida"
+msgstr "\"%s\" no es una huella digital\n"
 
-#, fuzzy, c-format
-#| msgid "failed to get the fingerprint\n"
+#, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
-msgstr "fallo obteniendo huella digital\n"
+msgstr ""
+"\"%s\" no es la huella digital primaria\n"
+"\n"
 
-#, fuzzy, c-format
-#| msgid "invalid value\n"
+#, c-format
 msgid "Invalid user ID '%s': %s\n"
-msgstr "valor inválido\n"
+msgstr "Identificador de usuario '%s' no válido : %s\n"
 
-#, fuzzy
-#| msgid "No such user ID.\n"
 msgid "No matching user IDs."
-msgstr "ID de usuario inexistente.\n"
+msgstr "No coincide con ningún identificador de usuario."
 
-#, fuzzy
-#| msgid "Nothing to sign with key %s\n"
 msgid "Nothing to sign.\n"
-msgstr "Nada que firmar con la clave %s\n"
+msgstr "Nada que firmar.\n"
 
-#, fuzzy, c-format
-#| msgid "`%s' is not a valid signature expiration\n"
+#, c-format
 msgid "'%s' is not a valid expiration time\n"
-msgstr "`%s' no es una fecha de caducidad válida\n"
+msgstr "'%s' no es una fecha de caducidad válida\n"
 
-#, fuzzy, c-format
-#| msgid "invalid fingerprint"
+#, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
-msgstr "huella dactilar no válida"
+msgstr "\"%s\" no es una huella digital válida\n"
 
-#, fuzzy, c-format
-#| msgid "key \"%s\" not found: %s\n"
+#, c-format
 msgid "subkey \"%s\" not found\n"
-msgstr "clave \"%s\" no encontrada: %s\n"
+msgstr "subclave \"%s\" no encontrada\n"
 
 msgid "Digest: "
 msgstr "Resumen: "
@@ -3698,8 +3425,8 @@ msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
 msgstr ""
-"Por favor, advierta que la validez de clave mostrada no es necesariamente\n"
-"correcta a menos de que reinicie el programa.\n"
+"Ten en cuenta que la validez de clave mostrada no es necesariamente\n"
+"correcta a menos de que reinicies el programa.\n"
 
 msgid "revoked"
 msgstr "revocada"
@@ -3715,12 +3442,10 @@ msgstr ""
 "       causar que se tome como principal por defecto otro ID de usuario.\n"
 
 msgid "WARNING: Your encryption subkey expires soon.\n"
-msgstr ""
+msgstr "AVISO: Tu subclave de cifrado caduca pronto.\n"
 
-#, fuzzy
-#| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
-msgstr "No puede cambiar la fecha de caducidad de una clave v3\n"
+msgstr "Puede que también quieras cambiar su fecha de caducidad.\n"
 
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
@@ -3751,11 +3476,10 @@ msgstr "¿Borrar esta firma desconocida? (s/N/q)"
 msgid "Really delete this self-signature? (y/N)"
 msgstr "¿Borrar realmente esta autofirma? (s/N)"
 
-#, fuzzy, c-format
-#| msgid "Deleted %d signature.\n"
+#, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
-msgstr[0] "%d firmas borradas.\n"
+msgstr[0] "%d firma borrada.\n"
 msgstr[1] "%d firmas borradas.\n"
 
 msgid "Nothing deleted.\n"
@@ -3768,12 +3492,11 @@ msgstr "inválida"
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "ID de usuario \"%s\" compactado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "User ID \"%s\": %d signature removed\n"
+#, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "ID de usuario \"%s\": %d firma borrada\n"
-msgstr[1] "ID de usuario \"%s\": %d firma borrada\n"
+msgstr[1] "ID de usuario \"%s\": %d firmas borradas\n"
 
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
@@ -3800,6 +3523,9 @@ msgstr "Introduzca el ID de usuario del revocador designado: "
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "no se puede elegir una clave tipo PGP 2.x como revocador designado\n"
 
+#. This actually causes no harm (after all, a key that
+#. designates itself as a revoker is the same as a
+#. regular key), but it's easy enough to check.
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "no puede elegir una clave como su propio revocador designado\n"
 
@@ -3815,14 +3541,12 @@ msgid ""
 msgstr ""
 "¿Está seguro de querer elegir esta clave como revocador designado? (s/N) "
 
-#, fuzzy
-#| msgid ""
-#| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr ""
-"¿Está seguro de querer elegir esta clave como revocador designado? (s/N) "
+"¿Está seguro de querer cambiar la fecha de caducidad para multiples "
+"subclaves? (s/N) "
 
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Cambiando fecha de caducidad de subclave.\n"
@@ -3833,16 +3557,6 @@ msgstr "Cambiando caducidad de clave primaria.\n"
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "No puede cambiar la fecha de caducidad de una clave v3\n"
 
-#, fuzzy
-#| msgid "Changing expiration time for a subkey.\n"
-msgid "Changing usage of a subkey.\n"
-msgstr "Cambiando fecha de caducidad de subclave.\n"
-
-#, fuzzy
-#| msgid "Changing expiration time for the primary key.\n"
-msgid "Changing usage of the primary key.\n"
-msgstr "Cambiando caducidad de clave primaria.\n"
-
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "la subclave de firmado %s ya está certificada en cruz\n"
@@ -3881,10 +3595,9 @@ msgstr "No hay ningún identificador de usuario con el índice %d\n"
 msgid "No user ID with hash %s\n"
 msgstr "No hay ID de usuario con hash %s\n"
 
-#, fuzzy, c-format
-#| msgid "No subkey with index %d\n"
+#, c-format
 msgid "No subkey with key ID '%s'.\n"
-msgstr "No existe una subclave con índice %d\n"
+msgstr "No existe una subclave con ID de usuario '%s'.\n"
 
 #, c-format
 msgid "No subkey with index %d\n"
@@ -3909,7 +3622,7 @@ msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "¿De verdad quiere revocarla? (s/N) "
 
 msgid "Create a revocation certificate for this signature? (y/N) "
-msgstr "¿Crear un certificado de revocación para esta clave? (s/N)"
+msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
 
 msgid "Not signed by you.\n"
 msgstr "No está firmado por usted.\n"
@@ -3934,10 +3647,9 @@ msgstr "¿Crear los certificados de revocación realmente? (s/N) "
 msgid "no secret key\n"
 msgstr "no hay clave secreta\n"
 
-#, fuzzy, c-format
-#| msgid "revoke a user ID"
+#, c-format
 msgid "tried to revoke a non-user ID: %s\n"
-msgstr "revocar un identificador de usuario"
+msgstr "ha intentado revocar una ID no de usuario: %s\n"
 
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
@@ -3947,10 +3659,8 @@ msgstr "ID de usuario \"%s\" ya ha sido revocado\n"
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "AVISO: un ID de usuario tiene fecha %d segundos en el futuro\n"
 
-#, fuzzy
-#| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
-msgstr "¡No puede borrar el último identificador de usuario!\n"
+msgstr "No se puede revocar el último identificador de usuario válido\n"
 
 #, c-format
 msgid "Key %s is already revoked.\n"
@@ -3964,15 +3674,13 @@ msgstr "La subclave %s ya ha sido revocada.\n"
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Mostrando ID fotográfico %s de tamaño %ld para la clave %s (uid %d)\n"
 
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
+#, c-format
 msgid "invalid value for option '%s'\n"
-msgstr "falta parámetro para la opción \"%.50s\"\n"
+msgstr "parámetro incorrecto para la opción '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "preference `%s' duplicated\n"
+#, c-format
 msgid "preference '%s' duplicated\n"
-msgstr "preferencia `%s' duplicada\n"
+msgstr "preferencia '%s' duplicada\n"
 
 msgid "too many cipher preferences\n"
 msgstr "demasiadas preferencias de cifrado\n"
@@ -3983,10 +3691,9 @@ msgstr "demasiadas preferencias de resumen\n"
 msgid "too many compression preferences\n"
 msgstr "demasiadas preferencias de compresión\n"
 
-#, fuzzy, c-format
-#| msgid "invalid item `%s' in preference string\n"
+#, c-format
 msgid "invalid item '%s' in preference string\n"
-msgstr "caracter inválido `%s' en cadena de preferencias\n"
+msgstr "item incorrecto '%s' en cadena de preferencias\n"
 
 msgid "writing direct signature\n"
 msgstr "escribiendo firma directa\n"
@@ -4059,6 +3766,9 @@ msgstr "   (%c) Conmutar la capacidad de autenticación\n"
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Acabado\n"
 
+msgid "Please select what kind of key you want:\n"
+msgstr "Por favor seleccione tipo de clave deseado:\n"
+
 #, c-format
 msgid "   (%d) RSA and RSA (default)\n"
 msgstr "   (%d) RSA y RSA (por defecto)\n"
@@ -4091,28 +3801,23 @@ msgstr "   (%d) DSA (permite elegir capacidades)\n"
 msgid "   (%d) RSA (set your own capabilities)\n"
 msgstr "   (%d) RSA (permite elegir capacidades)\n"
 
-#, fuzzy, c-format
-#| msgid "   (%d) DSA and Elgamal\n"
+#, c-format
 msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA y ElGamal\n"
+msgstr "   (%d) ECC y ECC\n"
 
-#, fuzzy, c-format
-#| msgid "   (%d) DSA (sign only)\n"
+#, c-format
 msgid "  (%d) ECC (sign only)\n"
-msgstr "   (%d) DSA (sólo firmar)\n"
+msgstr "  (%d) ECC (sólo firmar)\n"
 
-#, fuzzy, c-format
-#| msgid "   (%d) DSA (set your own capabilities)\n"
+#, c-format
 msgid "  (%d) ECC (set your own capabilities)\n"
-msgstr "   (%d) DSA (permite elegir capacidades)\n"
+msgstr "   (%d) ECC (permite elegir capacidades)\n"
 
-#, fuzzy, c-format
-#| msgid "   (%d) RSA (encrypt only)\n"
+#, c-format
 msgid "  (%d) ECC (encrypt only)\n"
-msgstr "   (%d) RSA (sólo cifrar)\n"
+msgstr "   (%d) ECC (sólo cifrar)\n"
 
-#, fuzzy, c-format
-#| msgid "   (%d) Existing key\n"
+#, c-format
 msgid "  (%d) Existing key\n"
 msgstr "   (%d) Clave existente\n"
 
@@ -4125,8 +3830,7 @@ msgstr "No es un keygrip válido (se esperaban 40 dígitos hex)\n"
 msgid "No key with this keygrip\n"
 msgstr "No hay claves con ese keygrip\n"
 
-#, fuzzy, c-format
-#| msgid "rounded up to %u bits\n"
+#, c-format
 msgid "rounded to %u bits\n"
 msgstr "redondeados a %u bits\n"
 
@@ -4138,14 +3842,16 @@ msgstr "las claves %s pueden tener entre %u y %u bits de longitud.\n"
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "¿De qué tamaño quiere la subclave? (%u) "
 
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
+
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "El tamaño requerido es de %u bits\n"
 
-#, fuzzy
-#| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
-msgstr "Por favor seleccione tipo de clave deseado:\n"
+msgstr "Seleccione el tipo de curva elíptica deseado:\n"
 
 msgid ""
 "Please specify how long the key should be valid.\n"
@@ -4220,6 +3926,10 @@ msgstr ""
 "GnuPG debe construir un ID de usuario para identificar su clave.\n"
 "\n"
 
+#. There is no translation for the string thus we to use
+#. the old info text.  gettext has no way to tell whether
+#. a translation is actually available, thus we need to
+#. to compare again.
 #. TRANSLATORS: This string is in general not anymore used
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
@@ -4247,7 +3957,7 @@ msgstr "Caracter inválido en el nombre\n"
 
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
-msgstr ""
+msgstr "Los caracteres '%s' y '%s' no pueden aparecer en el nombre\n"
 
 msgid "Name may not start with a digit\n"
 msgstr "El nombre no puede empezar con un número\n"
@@ -4267,10 +3977,9 @@ msgstr "Comentario: "
 msgid "Invalid character in comment\n"
 msgstr "Caracter inválido en el comentario\n"
 
-#, fuzzy, c-format
-#| msgid "You are using the `%s' character set.\n"
+#, c-format
 msgid "You are using the '%s' character set.\n"
-msgstr "Está usando el juego de caracteres `%s'.\n"
+msgstr "Está usando el juego de caracteres '%s'.\n"
 
 #, c-format
 msgid ""
@@ -4338,55 +4047,49 @@ msgid ""
 "    \"%s\"\n"
 "\n"
 msgstr ""
+"A punto de crear una clave para:\n"
+"    \"%s\"\n"
+"\n"
 
 msgid "Continue? (Y/n) "
-msgstr ""
+msgstr "¿Continuar? (s/N) "
 
-#, fuzzy, c-format
-#| msgid "key already exists\n"
+#, c-format
 msgid "A key for \"%s\" already exists\n"
-msgstr "la clave ya existe\n"
+msgstr "Ya existe una clave para \"%s\"\n"
 
-#, fuzzy
-#| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
-msgstr "¿Crear de todas formas?"
+msgstr "¿Crear de todas formas?(y/N) "
 
-#, fuzzy
-#| msgid "Create anyway? "
 msgid "creating anyway\n"
-msgstr "¿Crear de todas formas?"
+msgstr "creando de todas formas\n"
 
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
-msgstr ""
+msgstr "Nota: Usa \"%s %s\" para el diálogo completo de generación de clave.\n"
 
 msgid "Key generation canceled.\n"
 msgstr "Creación de claves cancelada.\n"
 
-#, fuzzy, c-format
-#| msgid "can't create backup file `%s': %s\n"
+#, c-format
 msgid "can't create backup file '%s': %s\n"
-msgstr "no se puede crear fichero de respaldo `%s': %s\n"
+msgstr "no se puede crear fichero de respaldo '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: backup of card key saved to `%s'\n"
+#, c-format
 msgid "Note: backup of card key saved to '%s'\n"
-msgstr "NOTA: copia de seguridad de la clave guardada en `%s'\n"
+msgstr "NOTA: copia de seguridad de la clave guardada en '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "writing public key to `%s'\n"
+#, c-format
 msgid "writing public key to '%s'\n"
-msgstr "escribiendo clave pública en `%s'\n"
+msgstr "escribiendo clave pública en '%s'\n"
 
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "anillo público de claves no escribible encontrado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing public keyring `%s': %s\n"
+#, c-format
 msgid "error writing public keyring '%s': %s\n"
-msgstr "error escribiendo anillo público `%s': %s\n"
+msgstr "error escribiendo anillo público '%s': %s\n"
 
 msgid "public and secret key created and signed.\n"
 msgstr "claves pública y secreta creadas y firmadas.\n"
@@ -4412,10 +4115,9 @@ msgstr ""
 "clave pública creada %lu segundos en el futuro (salto en el tiempo o\n"
 "problemas con el reloj)\n"
 
-#, fuzzy
-#| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
-msgstr "NOTA: crear subclaves para claves V3 no sigue el estándar OpenPGP\n"
+msgstr ""
+"Atención: crear subclaves para claves V3 no sigue el estándar OpenPGP\n"
 
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Las partes secretas de la clave primaria no están disponibles.\n"
@@ -4444,39 +4146,35 @@ msgstr "Notación de firmas críticas: "
 msgid "Signature notation: "
 msgstr "Notación de firma: "
 
-#, fuzzy, c-format
-#| msgid "%d bad signatures\n"
+#, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
-msgstr[0] "%d firmas incorrectas\n"
-msgstr[1] "%d firmas incorrectas\n"
+msgstr[0] "%d firma correcta\n"
+msgstr[1] "%d firmas correctas\n"
 
-#, fuzzy, c-format
-#| msgid "%d bad signatures\n"
+#, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
-msgstr[0] "%d firmas incorrectas\n"
+msgstr[0] "%d firma incorrecta\n"
 msgstr[1] "%d firmas incorrectas\n"
 
-#, fuzzy, c-format
-#| msgid "1 signature not checked due to a missing key\n"
+#, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
-msgstr[0] "1 firma no comprobada por falta de clave\n"
-msgstr[1] "1 firma no comprobada por falta de clave\n"
+msgstr[0] "1 firma no comprobada por falta de una clave\n"
+msgstr[1] "%d firmas no comprobadas por falta de claves\n"
 
-#, fuzzy, c-format
-#| msgid "1 signature not checked due to an error\n"
+#, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 firma no comprobada por causa de un error\n"
-msgstr[1] "1 firma no comprobada por causa de un error\n"
+msgstr[1] "%d firmas no comprobadas por causa de errores\n"
 
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Advertencia: clave %lu no usada por su gran tamaño\n"
+msgstr[1] "Advertencia: claves %lu no usadas por su gran tamaño\n"
 
 msgid "Keyring"
 msgstr "Anillo de claves"
@@ -4501,38 +4199,34 @@ msgstr "      Huella de clave ="
 msgid "      Card serial no. ="
 msgstr "      Número de serie de la tarjeta ="
 
-#, fuzzy, c-format
-#| msgid "caching keyring `%s'\n"
+#, c-format
 msgid "caching keyring '%s'\n"
-msgstr "memorizando anillo `%s'\n"
+msgstr "memorizando anillo '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "%lu keys cached so far (%lu signatures)\n"
+#, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
-msgstr[0] "%lu claves memorizadas hasta ahora (%lu firmas)\n"
+msgstr[0] "%lu clave memorizada hasta ahora (%lu firmas)\n"
 msgstr[1] "%lu claves memorizadas hasta ahora (%lu firmas)\n"
 
-#, fuzzy, c-format
-#| msgid "\t%lu keys updated\n"
+#, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
-msgstr[0] "\t%lu claves actualizadas\n"
-msgstr[1] "\t%lu claves actualizadas\n"
+msgstr[0] "%lu clave memorizada"
+msgstr[1] "\t%lu claves memrizadas"
 
-#, fuzzy, c-format
-#| msgid "1 bad signature\n"
+#, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
-msgstr[0] "1 firma incorrecta\n"
-msgstr[1] "1 firma incorrecta\n"
+msgstr[0] " (%lu firma)\n"
+msgstr[1] " (%lu firmas)\n"
 
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: anillo creado\n"
 
 msgid "override proxy options set for dirmngr"
-msgstr ""
+msgstr "pasar por encima las opciones de proxy configuradas para dirmngr"
 
 msgid "include revoked keys in search results"
 msgstr "incluir claves revocadas en resultados de la búsqueda"
@@ -4541,7 +4235,7 @@ msgid "include subkeys when searching by key ID"
 msgstr "incluir subclaves al buscar por ID de clave"
 
 msgid "override timeout options set for dirmngr"
-msgstr ""
+msgstr "pasar por encima las opciones de timeout configuradas para dirmngr"
 
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "recuperar automáticamente claves al verificar firmas"
@@ -4556,7 +4250,7 @@ msgid "disabled"
 msgstr "deshabilitado"
 
 msgid "Enter number(s), N)ext, or Q)uit > "
-msgstr "Introduzca número(s), O)tro, o F)in >"
+msgstr "Introduzca número(s), O)tro, o F)in > "
 
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
@@ -4566,11 +4260,10 @@ msgstr "protocolo del servidor de claves inválido (us %d!=handler %d)\n"
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" no es un identificador de clave válido: omitido\n"
 
-#, fuzzy, c-format
-#| msgid "refreshing %d keys from %s\n"
+#, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
-msgstr[0] "renovando %d claves desde %s\n"
+msgstr[0] "renovando %d clave desde %s\n"
 msgstr[1] "renovando %d claves desde %s\n"
 
 #, c-format
@@ -4595,10 +4288,8 @@ msgstr "solicitando clave %s de %s servidor %s\n"
 msgid "requesting key %s from %s\n"
 msgstr "solicitando clave %s de %s\n"
 
-#, fuzzy
-#| msgid "no keyserver action!\n"
 msgid "no keyserver known\n"
-msgstr "¡no se solicita ninguna acción al servidor de claves!\n"
+msgstr "ningún servidor de claves conocido\n"
 
 #, c-format
 msgid "skipped \"%s\": %s\n"
@@ -4608,10 +4299,9 @@ msgstr "omitido \"%s\": %s\n"
 msgid "sending key %s to %s\n"
 msgstr "enviando clave %s a %s\n"
 
-#, fuzzy, c-format
-#| msgid "requesting key %s from %s\n"
+#, c-format
 msgid "requesting key from '%s'\n"
-msgstr "solicitando clave %s de %s\n"
+msgstr "solicitando clave de %s\n"
 
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
@@ -4638,7 +4328,7 @@ msgstr "datos cifrados con la clave pública: DEK correcta\n"
 
 #, c-format
 msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "cifrado con clave %2$s de %1$u bits, ID %3$s, creada el %4$s\n"
+msgstr "cifrado con clave de %u bits %s, ID %s, creada el %s\n"
 
 #, c-format
 msgid "      \"%s\"\n"
@@ -4681,10 +4371,8 @@ msgstr "ATENCIÓN: ¡el mensaje cifrado ha sido manipulado!\n"
 msgid "decryption failed: %s\n"
 msgstr "descifrado fallido: %s\n"
 
-#, fuzzy
-#| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
-msgstr "NOTA: el remitente solicitó \"sólo-para-tus-ojos\"\n"
+msgstr "Atención: el remitente solicitó \"sólo-para-tus-ojos\"\n"
 
 #, c-format
 msgid "original file name='%.*s'\n"
@@ -4725,15 +4413,19 @@ msgstr "Firmado el %s\n"
 msgid "               using %s key %s\n"
 msgstr "               usando %s clave %s\n"
 
+#. Legacy format.
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Firmado el %s usando clave %s ID %s\n"
 
-#, fuzzy, c-format
-#| msgid "                aka \"%s\""
+#, c-format
 msgid "               issuer \"%s\"\n"
-msgstr "                alias \"%s\""
+msgstr "               emisor \"%s\"\n"
 
+#. According to my favorite copy editor, in English grammar,
+#. you say "at" if the key is located on a web page, but
+#. "from" if it is located on a keyserver.  I'm not going to
+#. even try to make two strings here :)
 msgid "Key available at: "
 msgstr "Clave disponible en: "
 
@@ -4744,11 +4436,9 @@ msgstr "[incierto]"
 msgid "                aka \"%s\""
 msgstr "                alias \"%s\""
 
-#, fuzzy, c-format
-#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+#, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
-msgstr ""
-"ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza!\n"
+msgstr "ATENCIÓN: ¡Esta clave no se puede usar para firmar en modo %s!\n"
 
 #, c-format
 msgid "Signature expired %s\n"
@@ -4758,10 +4448,11 @@ msgstr "Firma caducada en %s\n"
 msgid "Signature expires %s\n"
 msgstr "La firma caduca el %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s signature, digest algorithm %s\n"
+#, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
-msgstr "firma %s, algoritmo de resumen %s\n"
+msgstr ""
+"firma %s, algoritmo de resumen %s%s%s\n"
+"\n"
 
 msgid "binary"
 msgstr "binaria"
@@ -4772,14 +4463,15 @@ msgstr "modotexto"
 msgid "unknown"
 msgstr "desconocido"
 
-#, fuzzy
-#| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
-msgstr "Algoritmo de clave pública desconocido"
+msgstr ", algoritmo de clave pública "
 
+#. Not only signature packets in the tree thus this
+#. is not a detached signature.
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
+"ADVERTENCIA: firma no separada; ¡el archivo %s NO ha sido verificado!\n"
 
 #, c-format
 msgid "Can't check signature: %s\n"
@@ -4799,10 +4491,9 @@ msgstr "firma independiente de clase 0x%02x\n"
 msgid "old style (PGP 2.x) signature\n"
 msgstr "firma al viejo estilo (PGP 2.x)\n"
 
-#, fuzzy, c-format
-#| msgid "fstat of `%s' failed in %s: %s\n"
+#, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
-msgstr "fstat de `%s' falló en %s: %s\n"
+msgstr "fstat de '%s' falló en %s: %s\n"
 
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
@@ -4827,23 +4518,20 @@ msgstr "AVISO: usando algoritmo de resumen experimental %s\n"
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "AVISO: el algoritmo de resumen %s está obsoleto\n"
 
-#, fuzzy, c-format
-#| msgid "%s signature, digest algorithm %s\n"
+#, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
-msgstr "firma %s, algoritmo de resumen %s\n"
+msgstr "Atención: las firmas que usan el algoritmo %s son rechazadas\n"
 
-#, fuzzy, c-format
-#| msgid "read error in `%s': %s\n"
+#, c-format
 msgid "(reported error: %s)\n"
-msgstr "error de lectura `%s': %s\n"
+msgstr "(error reportado: %s)\n"
 
-#, fuzzy, c-format
-#| msgid "read error in `%s': %s\n"
+#, c-format
 msgid "(reported error: %s <%s>)\n"
-msgstr "error de lectura `%s': %s\n"
+msgstr "(error reportado: %s <%s>)\n"
 
 msgid "(further info: "
-msgstr ""
+msgstr "(más información: "
 
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
@@ -4861,16 +4549,16 @@ msgstr "por favor use \"%s%s\" en su lugar\n"
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "ATENCIÓN: \"%s\" es una orden obsoleta - no la use\n"
 
-#, fuzzy, c-format
-#| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+#, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
-msgstr "%s:%u: opción obsoleta \"%s\" - no tiene efecto\n"
+msgstr ""
+"%s:%u: opción obsoleta \"%s\"en este archivo - sólo tiene efecto en %s\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+#, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
-msgstr "ATENCIÓN: \"%s\" es una opción obsoleta - no tiene efecto\n"
+msgstr ""
+"ATENCIÓN: \"%s%s\" es una opción obsoleta - no tiene efecto excepto en %s\n"
 
 msgid "Uncompressed"
 msgstr "Sin comprimir"
@@ -4883,30 +4571,26 @@ msgstr "sin_comprimir|ninguno"
 msgid "this message may not be usable by %s\n"
 msgstr "este mensaje podría no ser utilizable por %s\n"
 
-#, fuzzy, c-format
-#| msgid "ambiguous option `%s'\n"
+#, c-format
 msgid "ambiguous option '%s'\n"
-msgstr "opción ambigua `%s'\n"
+msgstr "opción ambigua '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "unknown option `%s'\n"
+#, c-format
 msgid "unknown option '%s'\n"
-msgstr "opción desconocida `%s'\n"
+msgstr "opción desconocida '%s'\n"
 
-#, fuzzy
-#| msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
-msgstr "DSA necesita un resumen cuya longitud sea múltiplo de 8 bits\n"
+msgstr ""
+"Una clave pública ECDSA debe estar en un encoding SEC múltiplo de 8 bits\n"
 
-#, fuzzy, c-format
-#| msgid "Unknown signature type `%s'\n"
+#, c-format
 msgid "unknown weak digest '%s'\n"
-msgstr "Clase de firma desconocida `%s'\n"
+msgstr "algritmo débil de resumen desconocido '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "File `%s' exists. "
+#. Do not overwrite.
+#, c-format
 msgid "File '%s' exists. "
-msgstr "El fichero `%s' ya existe. "
+msgstr "El fichero '%s' ya existe. "
 
 msgid "Overwrite? (y/N) "
 msgstr "¿Sobreescribir? (s/N) "
@@ -4921,10 +4605,9 @@ msgstr "Introduzca nuevo nombre de fichero"
 msgid "writing to stdout\n"
 msgstr "escribiendo en stdout\n"
 
-#, fuzzy, c-format
-#| msgid "assuming signed data in `%s'\n"
+#, c-format
 msgid "assuming signed data in '%s'\n"
-msgstr "asumiendo que hay datos firmados en `%s'\n"
+msgstr "asumiendo que los datos firmados están en '%s'\n"
 
 #, c-format
 msgid "can't handle public key algorithm %d\n"
@@ -4950,47 +4633,40 @@ msgstr "cancelado por el usuario\n"
 
 #, c-format
 msgid " (main key ID %s)"
-msgstr "(ID de clave primaria %s)"
+msgstr " (ID de clave primaria %s)"
 
-#, fuzzy
-#| msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
-msgstr "Introduzca frase contraseña para desproteger el objeto PKCS#12."
+msgstr "Introduzca frase contraseña para desbloquear la clave secreta OpenPGP:"
 
-#, fuzzy
-#| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
-msgstr "Introduzca frase contraseña para proteger el nuevo objeto PKCS#12."
+msgstr "Introduzca frase contraseña para importar la clave secreta OpenPGP:"
 
-#, fuzzy
-#| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
-msgstr "Introduzca frase contraseña para proteger el nuevo objeto PKCS#12."
+msgstr "Introduzca frase contraseña para exportar la subclave secreta OpenPGP:"
 
-#, fuzzy
-#| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
-msgstr "Introduzca frase contraseña para proteger el nuevo objeto PKCS#12."
+msgstr "Introduzca frase contraseña para exportar la clave secreta OpenPGP:"
 
-#, fuzzy
-#| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
-msgstr "¿De verdad quiere borrar las claves seleccionadas? (s/N) "
+msgstr ""
+"De verdad quiere borrar para siempre la subclave secreta de la clave OpenPGP:"
 
-#, fuzzy
-#| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
-msgstr "¿De verdad quiere borrar las claves seleccionadas? (s/N) "
+msgstr "De verdad quiere borrar para siempre la clave secreta OpenPGP:"
 
-#, fuzzy, c-format
-#| msgid "%u-bit %s key, ID %s, created %s"
+#, c-format
 msgid ""
 "%s\n"
 "\"%.*s\"\n"
 "%u-bit %s key, ID %s,\n"
 "created %s%s.\n"
 "%s"
-msgstr "clave %2$s de %1$u bits, ID %3$s, creada el %4$s"
+msgstr ""
+"%s\n"
+"\"%.*s\"\n"
+"clave de %u-bit %s, ID %s,\n"
+"creada el %s%s.\n"
+"%s"
 
 msgid ""
 "\n"
@@ -5008,10 +4684,9 @@ msgstr ""
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Introduzca nombre del fichero JPEG para ID fotográfico: "
 
-#, fuzzy, c-format
-#| msgid "unable to open JPEG file `%s': %s\n"
+#, c-format
 msgid "unable to open JPEG file '%s': %s\n"
-msgstr "Imposible abrir fichero JPEG `%s': %s\n"
+msgstr "Imposible abrir fichero JPEG '%s': %s\n"
 
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
@@ -5020,10 +4695,9 @@ msgstr "¡Este JPEG es realmente grande (%d bytes)!\n"
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "¿Seguro que quiere usarlo? (s/N) "
 
-#, fuzzy, c-format
-#| msgid "`%s' is not a JPEG file\n"
+#, c-format
 msgid "'%s' is not a JPEG file\n"
-msgstr "`%s' no es un fichero JPEG\n"
+msgstr "'%s' no es un fichero JPEG\n"
 
 msgid "Is this photo correct (y/N/q)? "
 msgstr "¿Es correcta la foto? (s/n) "
@@ -5035,7 +4709,7 @@ msgid "No reason specified"
 msgstr "No se dio ninguna razón"
 
 msgid "Key is superseded"
-msgstr "La clave ha sido reemplazada."
+msgstr "La clave ha sido reemplazada"
 
 msgid "Key has been compromised"
 msgstr "La clave ha sido comprometida"
@@ -5052,6 +4726,8 @@ msgstr "razón para la revocación: "
 msgid "revocation comment: "
 msgstr "comentario a la revocación: "
 
+#. A string with valid answers.
+#.
 #. TRANSLATORS: These are the allowed answers in lower and
 #. uppercase.  Below you will find the matching strings which
 #. should be translated accordingly and the letter changed to
@@ -5080,15 +4756,15 @@ msgstr ""
 
 #, c-format
 msgid "  %d = I don't know or won't say\n"
-msgstr " %d = No lo sé o prefiero no decirlo\n"
+msgstr "  %d = No lo sé o prefiero no decirlo\n"
 
 #, c-format
 msgid "  %d = I do NOT trust\n"
-msgstr " %d = NO tengo confianza\n"
+msgstr "  %d = NO tengo confianza\n"
 
 #, c-format
 msgid "  %d = I trust ultimately\n"
-msgstr " %d = confío absolutamente\n"
+msgstr "  %d = confío absolutamente\n"
 
 msgid "  m = back to the main menu\n"
 msgstr "  m = volver al menú principal\n"
@@ -5134,23 +4810,19 @@ msgstr "Esta clave probablemente pertenece al usuario que se nombra\n"
 msgid "This key belongs to us\n"
 msgstr "Esta clave nos pertenece\n"
 
-#, fuzzy, c-format
-#| msgid "root certificate has now been marked as trusted\n"
+#. This can be returned by TOFU, which can return negative
+#. assertions.
+#, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
-msgstr "certificado raíz marcado ahora como fiable\n"
+msgstr "%s: ¡Esta clave es mala! ¡Está marcada como no confiable!\n"
 
-#, fuzzy
-#| msgid ""
-#| "It is NOT certain that the key belongs to the person named\n"
-#| "in the user ID.  If you *really* know what you are doing,\n"
-#| "you may answer the next question with yes.\n"
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
 "question with yes.\n"
 msgstr ""
-"No es seguro que la clave pertenezca a la persona que se nombra en el\n"
-"identificador de usuario. Si *realmente* sabe lo que está haciendo,\n"
+" ¡Esta clave es mala! ¡Está marcada como no confiable! Si *realmente* sabe "
+"lo que está haciendo,\n"
 "puede contestar sí a la siguiente pregunta.\n"
 
 msgid ""
@@ -5188,15 +4860,13 @@ msgstr "ATENCIÓN: ¡Esta clave ha sido revocada por su propietario!\n"
 msgid "Note: This key has been disabled.\n"
 msgstr "Nota: Esta clave está deshabilitada.\n"
 
-#, fuzzy, c-format
-#| msgid "Note: Verified signer's address is `%s'\n"
+#, c-format
 msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Nota: la dirección del firmante verificado es `%s'\n"
+msgstr "Nota: la dirección del firmante verificado es '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "Note: Signer's address `%s' does not match DNS entry\n"
+#, c-format
 msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Nota: la dirección del firmante `%s' no coincide con la entrada DNS\n"
+msgstr "Nota: la dirección del firmante '%s' no coincide con la entrada DNS\n"
 
 msgid "trustlevel adjusted to FULL due to valid PKA info\n"
 msgstr "nivel de confianza puesto a TOTAL (información PKA válida)\n"
@@ -5213,13 +4883,13 @@ msgstr ""
 
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
-msgstr "          No hay indicios de que la firma pertenezca al propietario.\n"
+msgstr "         No hay indicios de que la firma pertenezca al propietario.\n"
 
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "ATENCIÓN: ¡Esta clave NO es de confianza!\n"
 
 msgid "         The signature is probably a FORGERY.\n"
-msgstr "          La firma es probablemente una FALSIFICACIÓN.\n"
+msgstr "         La firma es probablemente una FALSIFICACIÓN.\n"
 
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -5228,7 +4898,7 @@ msgstr ""
 "confianza!\n"
 
 msgid "         It is not certain that the signature belongs to the owner.\n"
-msgstr "          No es seguro que la firma pertenezca al propietario.\n"
+msgstr "         No es seguro que la firma pertenezca al propietario.\n"
 
 #, c-format
 msgid "%s: skipped: %s\n"
@@ -5242,20 +4912,23 @@ msgstr "%s: omitida: clave pública deshabilitada\n"
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: omitida: clave pública ya presente\n"
 
-#, fuzzy, c-format
-#| msgid "can't connect to `%s': %s\n"
+#, c-format
 msgid "can't encrypt to '%s'\n"
-msgstr "no se puede conectar con `%s': %s\n"
+msgstr ""
+"no se puede cifrar a '%s'\n"
+"\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "option '%s' given, but no valid default keys given\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr ""
+"se ha dado la opción %s, pero no se han dado claves predeterminadas válidas\n"
+"\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "option '%s' given, but option '%s' not given\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr ""
+"se ha dado la opción %s, pero no se ha dado la opción '%s'\n"
+"\n"
 
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "No ha especificado un ID de usuario (puede usar \"-r\")\n"
@@ -5312,19 +4985,17 @@ msgstr "leyendo stdin...\n"
 msgid "no signed data\n"
 msgstr "no hay datos firmados\n"
 
-#, fuzzy, c-format
-#| msgid "can't open signed data `%s'\n"
+#, c-format
 msgid "can't open signed data '%s'\n"
-msgstr "imposible abrir datos firmados `%s'\n"
+msgstr "imposible abrir datos firmados '%s'\n"
 
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "imposible abrir datos firmados fd=%d: %s\n"
 
-#, fuzzy, c-format
-#| msgid "certificate is not usable for encryption\n"
+#, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
-msgstr "el certificado no es utilizable para cifrar\n"
+msgstr "la clave %s no se puede usar para cifrar en modo %s\n"
 
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
@@ -5344,13 +5015,10 @@ msgstr "algoritmo de cifrado %d%s desconocido o desactivado\n"
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "NOTA: el cifrado %s no aparece en las preferencias del receptor\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: secret key %s expired at %s\n"
+#, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTA: clave secreta %s caducó el %s\n"
 
-#, fuzzy
-#| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "NOTA: la clave ha sido revocada"
 
@@ -5368,13 +5036,11 @@ msgstr "Será revocado por:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Este es una clave de revocación confidencial)\n"
 
-#, fuzzy
-#| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
-msgstr "Clave secreta disponible.\n"
+msgstr "Clave secreta no disponible.\n"
 
 msgid "Create a designated revocation certificate for this key? (y/N) "
-msgstr "¿Crear un certificado de revocación para esta clave? (s/N)"
+msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
 
 msgid "ASCII armored output forced.\n"
 msgstr "se fuerza salida con armadura ASCII.\n"
@@ -5383,23 +5049,26 @@ msgstr "se fuerza salida con armadura ASCII.\n"
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet falló: %s\n"
 
+#. and issue a usage notice
 msgid "Revocation certificate created.\n"
 msgstr "Certificado de revocación creado.\n"
 
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
-msgstr "no se encuetran claves de revocación para \"%s\"\n"
+msgstr "no se encuentran claves de revocación para \"%s\"\n"
 
-#, fuzzy
-#| msgid "Create a revocation certificate for this key? (y/N) "
 msgid "This is a revocation certificate for the OpenPGP key:"
-msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
+msgstr "Este es un certificado de revocación para la clave OpenPGP:"
 
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
+"Un certificado de revocación es una especie de \"interruptor general\" para "
+"declarar\n"
+"públicamente que una clave no debería usarse más. No es posible deshacer\n"
+"un certificado de este tipo una vez que se publica."
 
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
@@ -5408,34 +5077,42 @@ msgid ""
 "a reason for the revocation.  For details see the description of\n"
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
+"Úsalo para revocar esta clave en caso de un compromiso o pérdida de\n"
+"la clave secreta. De cualquier modo, si la clave secreta está disponible,\n"
+"es mejor generar un nuevo certificado de revocación y dar una razón para la "
+"misma\n"
+"Para más detalles, lee la descripción de la orden gpg \"--generate-revocation"
+"\"\n"
+"en el manual GnuPG."
 
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
+"Para prevenir el uso accidental de este archivo se han insertado dos\n"
+"puntos (:) antes de los 5 guiones debajo. Remueve estos dos puntos\n"
+"con un editor de texto antes de importar y publicar este certificado\n"
+"de revocación."
 
-#, fuzzy, c-format
-#| msgid "Revocation certificate created.\n"
+#, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
-msgstr "Certificado de revocación creado.\n"
+msgstr "certificado de revocación guardado como '%s.rev'\n"
 
-#, fuzzy, c-format
-#| msgid "secret key \"%s\" not found: %s\n"
+#, c-format
 msgid "secret key \"%s\" not found\n"
-msgstr "clave secreta \"%s\" no encontrada: %s\n"
+msgstr "clave secreta \"%s\" no encontrada\n"
 
 #. TRANSLATORS: The %s prints a key specification which
 #. for example has been given at the command line.  Several lines
 #. lines with secret key infos are printed after this message.
 #, c-format
 msgid "'%s' matches multiple secret keys:\n"
-msgstr ""
+msgstr "'%s' coincide con varias claves secretas:\n"
 
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
+#, c-format
 msgid "error searching the keyring: %s\n"
-msgstr "error escribiendo anillo `%s': %s\n"
+msgstr "error buscando el anillo de claves: %s\n"
 
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
@@ -5490,23 +5167,27 @@ msgstr ""
 "¡imposible evitar clave débil para cifrado simétrico después de %d "
 "intentos!\n"
 
-#, fuzzy, c-format
-#| msgid "%s key uses an unsafe (%u bit) hash\n"
+#, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
-msgstr "la clave %s usa un hash inseguro (de %u bits)\n"
+msgstr "la clave %s %s usa un hash inseguro (de %zu bits)\n"
 
-#, fuzzy, c-format
-#| msgid "DSA key %s requires a %u bit or larger hash\n"
+#, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
-msgstr "la clave DSA %s requiere un resumen de %u bits al menos\n"
+msgstr ""
+"la clave %s %s requiere un resumen de %zu bits o mayor (el resumen es de "
+"%s)\n"
 
+#. Sanity check that the md has a context for the hash that the
+#. sig is expecting.  This can happen if a onepass sig header does
+#. not match the actual sig, and also if the clearsign "Hash:"
+#. header is missing or does not match the actual sig.
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "AVISO: conflicto con el resumen de la firma del mensaje\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#. Compliance failure.
+#, c-format
 msgid "key %s may not be used for signing in %s mode\n"
-msgstr "no puede usar %s en modo %s\n"
+msgstr "no puede usar la clave %s para firmar en modo %s\n"
 
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
@@ -5521,23 +5202,19 @@ msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "AVISO: la subclave de cifrado %s tiene un certificado cruzado inválido\n"
 
-#, fuzzy, c-format
-#| msgid "public key %s is %lu second newer than the signature\n"
+#, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
-msgstr[0] "la clave pública %s es %lu segundos más nueva que la firma\n"
+msgstr[0] "la clave pública %s es %lu segundo más nueva que la firma\n"
 msgstr[1] "la clave pública %s es %lu segundos más nueva que la firma\n"
 
-#, fuzzy, c-format
-#| msgid "public key %s is %lu second newer than the signature\n"
+#, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
-msgstr[0] "la clave pública %s es %lu segundos más nueva que la firma\n"
-msgstr[1] "la clave pública %s es %lu segundos más nueva que la firma\n"
+msgstr[0] "la clave pública %s es %lu día más nueva que la firma\n"
+msgstr[1] "la clave pública %s es %lu días más nueva que la firma\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "key %s was created %lu second in the future (time warp or clock problem)\n"
+#, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -5546,12 +5223,10 @@ msgstr[0] ""
 "la clave %s fue creada %lu segundo en el futuro (viaje en el tiempo\n"
 "o problemas con el reloj)\n"
 msgstr[1] ""
-"la clave %s fue creada %lu segundo en el futuro (viaje en el tiempo\n"
+"la clave %s fue creada %lu segundos en el futuro (viaje en el tiempo\n"
 "o problemas con el reloj)\n"
 
-#, fuzzy, c-format
-#| msgid ""
-#| "key %s was created %lu second in the future (time warp or clock problem)\n"
+#, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
 "key %s was created %lu days in the future (time warp or clock problem)\n"
@@ -5559,24 +5234,17 @@ msgstr[0] ""
 "la clave %s fue creada %lu segundo en el futuro (viaje en el tiempo\n"
 "o problemas con el reloj)\n"
 msgstr[1] ""
-"la clave %s fue creada %lu segundo en el futuro (viaje en el tiempo\n"
+"la clave %s fue creada %lu segundos en el futuro (viaje en el tiempo\n"
 "o problemas con el reloj)\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: signature key %s expired %s\n"
+#, c-format
 msgid "Note: signature key %s expired %s\n"
-msgstr "NOTA: clave de la firma %s caducada el %s\n"
+msgstr "NOTA: clave de firmado %s caducada el %s\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: signature key %s has been revoked\n"
+#, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTA: la clave de firmado %s ha sido revocada\n"
 
-#, fuzzy, c-format
-#| msgid "standalone signature of class 0x%02x\n"
-msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
-msgstr "firma independiente de clase 0x%02x\n"
-
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
@@ -5593,13 +5261,14 @@ msgstr "clave %s: no hay subclave para firma de subclave de enlace\n"
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
-"AVISO: no puedo expandir el %% de la url de política . Se usa sin expandir.\n"
+"AVISO: no puedo expandir el %%- de la url de política . Se usa sin "
+"expandir.\n"
 
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr ""
-"AVISO: no puedo expandir el %% de la url de política (demasiado larga).\n"
+"AVISO: no puedo expandir el %%- de la url de política (demasiado larga).\n"
 "Se usa sin expandir.\n"
 
 #, c-format
@@ -5607,7 +5276,7 @@ msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 msgstr ""
-"AVISO: no puedo expandir el %% de la URL del servidor de claves\n"
+"AVISO: no puedo expandir el %%- de la URL del servidor de claves\n"
 "preferido. Se usa sin expandir.\n"
 
 #, c-format
@@ -5654,10 +5323,9 @@ msgstr ""
 "# Lista de valores de confianza asignados, creada %s\n"
 "# (Use \"gpg --import-ownertrust\" para restablecerlos)\n"
 
-#, fuzzy, c-format
-#| msgid "error in `%s': %s\n"
+#, c-format
 msgid "error in '%s': %s\n"
-msgstr "error en `%s': %s\n"
+msgstr "error en '%s': %s\n"
 
 msgid "line too long"
 msgstr "línea demasiado larga"
@@ -5666,34 +5334,31 @@ msgid "colon missing"
 msgstr "falta una coma"
 
 msgid "invalid fingerprint"
-msgstr "huella dactilar no válida"
+msgstr "huella digital no válida"
 
 msgid "ownertrust value missing"
 msgstr "falta el valor de confianza"
 
-#, fuzzy, c-format
-#| msgid "error finding trust record in `%s': %s\n"
+#. error
+#, c-format
 msgid "error finding trust record in '%s': %s\n"
-msgstr "error econtrando registro de confianza en `%s': %s\n"
+msgstr "error intentando encontrar el registro de confianza en '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "read error in `%s': %s\n"
+#, c-format
 msgid "read error in '%s': %s\n"
-msgstr "error de lectura `%s': %s\n"
+msgstr "error de lectura '%s': %s\n"
 
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "base de datos de confianza: fallo sincronización: %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't create lock for `%s'\n"
+#, c-format
 msgid "can't create lock for '%s'\n"
-msgstr "no se puede crear el bloqueo para `%s'\n"
+msgstr "no se puede crear el bloqueo para '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "can't lock `%s'\n"
+#, c-format
 msgid "can't lock '%s'\n"
-msgstr "no se puede bloquear `%s'\n"
+msgstr "no se puede bloquear '%s'\n"
 
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
@@ -5704,6 +5369,7 @@ msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
 "registro base de datos de confianza %lu: escritura fallida (n=%d): %s\n"
 
+#. Hard limit for the cache size reached.
 msgid "trustdb transaction too large\n"
 msgstr "transacción en la base de datos de confianza demasiado grande\n"
 
@@ -5711,10 +5377,9 @@ msgstr "transacción en la base de datos de confianza demasiado grande\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: ¡el directorio no existe!\n"
 
-#, fuzzy, c-format
-#| msgid "can't access `%s': %s\n"
+#, c-format
 msgid "can't access '%s': %s\n"
-msgstr "no se puede acceder a `%s': %s\n"
+msgstr "no se puede acceder a '%s': %s\n"
 
 #, c-format
 msgid "%s: failed to create version record: %s"
@@ -5728,8 +5393,6 @@ msgstr "%s: se ha creado base de datos de confianza inválida\n"
 msgid "%s: trustdb created\n"
 msgstr "%s: se ha creado base de datos de confianza\n"
 
-#, fuzzy
-#| msgid "NOTE: trustdb not writable\n"
 msgid "Note: trustdb not writable\n"
 msgstr "NOTA: no se puede escribir base de datos de confianza\n"
 
@@ -5800,146 +5463,143 @@ msgstr "no se pueden manejar líneas de texto de más de %d caracteres\n"
 msgid "input line longer than %d characters\n"
 msgstr "línea de longitud superior a %d caracteres\n"
 
-#, fuzzy, c-format
-#| msgid "error sending standard options: %s\n"
+#, c-format
 msgid "error beginning transaction on TOFU database: %s\n"
-msgstr "error enviando opciones estándar: %s\n"
+msgstr "error al comenzar transacción con la base de datos TOFU: %s\n"
 
 #, c-format
 msgid "error committing transaction on TOFU database: %s\n"
-msgstr ""
+msgstr "error al guardar la transacción en la base de datos TOFU: %s\n"
 
 #, c-format
 msgid "error rolling back transaction on TOFU database: %s\n"
-msgstr ""
+msgstr "error al deshacer la transacción en la base de datos TOFU: %s\n"
 
-#, fuzzy, c-format
-#| msgid "unsupported algorithm: %s"
+#, c-format
 msgid "unsupported TOFU database version: %s\n"
-msgstr "algoritmo no disponible: %s"
+msgstr "version de base de datos TOFU no soportada: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
 msgid "error creating 'ultimately_trusted_keys' TOFU table: %s\n"
-msgstr "error creando fichero temporal: %s\n"
+msgstr "error al crear tabla TOFU de 'claves confiadas': %s\n"
 
 msgid "TOFU DB error"
-msgstr ""
+msgstr "Error de la base de datos de TOFU"
 
-#, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
+#. The result has the wrong form.
+#, c-format
 msgid "error reading TOFU database: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "error al leer la base de datos TOFU: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing secret keyring `%s': %s\n"
+#. Unexpected success.  This can only happen if there are no
+#. rows.  (select returned 0, but expected ABORT.)
+#, c-format
 msgid "error determining TOFU database's version: %s\n"
-msgstr "error escribiendo anillo privado `%s': %s\n"
+msgstr "error al intentar determinar la versión de la base de datos TOFU: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
+#, c-format
 msgid "error initializing TOFU database: %s\n"
-msgstr "%s: error escribiendo registro de directorio: %s\n"
+msgstr "error iniciando base de datos TOFU: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
+#, c-format
 msgid "error creating 'encryptions' TOFU table: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "error al crear la tabla TOFU 'encryptions': %s\n"
 
 #, c-format
 msgid "adding column effective_policy to bindings DB: %s\n"
 msgstr ""
+"agregando la columna effective_policy a la base de datos bindings: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
+#, c-format
 msgid "error opening TOFU database '%s': %s\n"
-msgstr "error abriendo `%s': %s\n"
+msgstr "error al abrir base de datos TOFU '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
+#, c-format
 msgid "error updating TOFU database: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "error al actualizar la base de datos TOFU: %s\n"
 
 #, c-format
 msgid ""
 "This is the first time the email address \"%s\" is being used with key %s."
 msgstr ""
+"Esta es la primera vez que la dirección de email \"%s\" se usa con la clave "
+"%s."
 
 #, c-format
 msgid "The email address \"%s\" is associated with %d key!"
 msgid_plural "The email address \"%s\" is associated with %d keys!"
 msgstr[0] ""
+"¡La dirección de correo electrónico \"%s\" está asociada a %d claves!"
 msgstr[1] ""
+"¡La dirección de correo electrónico \"%s\" está asociada a %d claves!"
 
 msgid "  Since this binding's policy was 'auto', it has been changed to 'ask'."
 msgstr ""
+"  Como esta política de binding era 'auto', se ha cambiado a 'preguntar'."
 
 #, c-format
 msgid ""
 "Please indicate whether this email address should be associated with key %s "
 "or whether you think someone is impersonating \"%s\"."
 msgstr ""
+"Indica si esta dirección de correo electrónico debería ser asociada a la "
+"clave %s, o si por el contrario crees que es alguien tratando de hacerse "
+"pasar por \"%s\"."
 
-#, fuzzy, c-format
-#| msgid "error getting new PIN: %s\n"
+#, c-format
 msgid "error gathering other user IDs: %s\n"
-msgstr "error obteniendo nuevo PIN: %s\n"
+msgstr "error al obtener otras ID de usuario: %s\n"
 
-#, fuzzy
-#| msgid "list key and user IDs"
 msgid "This key's user IDs:\n"
-msgstr "lista clave e identificadores de usuario"
+msgstr "Las ID de usuario de esta clave:\n"
 
-#, fuzzy, c-format
-#| msgid "Policy: "
+#, c-format
 msgid "policy: %s"
-msgstr "Política: "
+msgstr "política: %s"
 
-#, fuzzy, c-format
-#| msgid "error getting stored flags: %s\n"
+#, c-format
 msgid "error gathering signature stats: %s\n"
-msgstr "error obteniendo parámetros almacenados: %s\n"
+msgstr "error al obtener estadísticas de las firmas: %s\n"
 
 #, c-format
 msgid "The email address \"%s\" is associated with %d key:\n"
 msgid_plural "The email address \"%s\" is associated with %d keys:\n"
 msgstr[0] ""
+"La dirección de correo electrónico \"%s\" está asociada a %d clave:\n"
 msgstr[1] ""
+"La dirección de correo electrónico \"%s\" está asociada a %d claves:\n"
 
 #, c-format
 msgid "Statistics for keys with the email address \"%s\":\n"
 msgstr ""
+"Estadísticas para las claves con la dirección de correo electrónico \"%s\":\n"
 
-#, fuzzy
-#| msgid "list keys"
 msgid "this key"
-msgstr "lista claves"
+msgstr "esta clave"
 
-#, fuzzy, c-format
-#| msgid "print message digests"
+#, c-format
 msgid "Verified %d message."
 msgid_plural "Verified %d messages."
-msgstr[0] "imprime resúmenes de mensaje"
-msgstr[1] "imprime resúmenes de mensaje"
+msgstr[0] "Verificado %d mensaje."
+msgstr[1] "Verificados %d mensajes."
 
-#, fuzzy, c-format
+#, c-format
 msgid "Encrypted %d message."
 msgid_plural "Encrypted %d messages."
-msgstr[0] "el algoritmo de resumen seleccionado no es válido\n"
-msgstr[1] "el algoritmo de resumen seleccionado no es válido\n"
+msgstr[0] "Cifrado %d mensaje."
+msgstr[1] "Cifrados %d mensajes."
 
-#, fuzzy, c-format
-#| msgid "print message digests"
+#, c-format
 msgid "Verified %d message in the future."
 msgid_plural "Verified %d messages in the future."
-msgstr[0] "imprime resúmenes de mensaje"
-msgstr[1] "imprime resúmenes de mensaje"
+msgstr[0] "Verificado %d mensaje en el futuro."
+msgstr[1] "Verificados %d mensajes en el futuro."
 
-#, fuzzy, c-format
+#, c-format
 msgid "Encrypted %d message in the future."
 msgid_plural "Encrypted %d messages in the future."
-msgstr[0] "el algoritmo de resumen seleccionado no es válido\n"
-msgstr[1] "el algoritmo de resumen seleccionado no es válido\n"
+msgstr[0] "Cifrado %d mensaje en el futuro."
+msgstr[1] "Cifrados %d mensajes en el futuro."
 
 #, c-format
 msgid "Messages verified over the past %d day: %d."
@@ -5979,135 +5639,133 @@ msgstr[1] ""
 
 #, c-format
 msgid "Messages verified in the past: %d."
-msgstr ""
+msgstr "Mensajes verificados en el pasado: %d."
 
-#, fuzzy, c-format
+#, c-format
 msgid "Messages encrypted in the past: %d."
-msgstr "el algoritmo de resumen seleccionado no es válido\n"
+msgstr "Mensajes cifrados en el pasado: %d."
 
+#. This is a conflict.
 #. TRANSLATORS: Please translate the text found in the source
 #. * file below.  We don't directly internationalize that text so
 #. * that we can tweak it without breaking translations.
 msgid "TOFU detected a binding conflict"
-msgstr ""
+msgstr "TOFU ha detectado un conflicto de binding"
 
 #. TRANSLATORS: Two letters (normally the lower and upper case
 #. * version of the hotkey) for each of the five choices.  If
 #. * there is only one choice in your language, repeat it.
 msgid "gGaAuUrRbB"
-msgstr ""
+msgstr "bBaAdDrRmM"
 
 msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
 msgstr ""
+"(B)ien, (A)ceptar esta vez, (D)esconocido, (R)echazar esta vez, (M)ala? "
 
 msgid "Defaulting to unknown.\n"
-msgstr ""
+msgstr "Por defecto elegiremos desconocido.\n"
 
 msgid "TOFU db corruption detected.\n"
-msgstr ""
+msgstr "Detectada corrupción en la base de datos TOFU.\n"
 
-#, fuzzy, c-format
-#| msgid "error writing key: %s\n"
+#, c-format
 msgid "resetting keydb: %s\n"
-msgstr "error escribiendo clave: %s\n"
+msgstr "reiniciando base de datos de claves: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error storing flags: %s\n"
+#, c-format
 msgid "error setting TOFU binding's policy to %s\n"
-msgstr "error almacenando parámetros: %s\n"
+msgstr "error al establecer la política de binding TOFU a %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating a pipe: %s\n"
+#, c-format
 msgid "error changing TOFU policy: %s\n"
-msgstr "error creando tubería: %s\n"
+msgstr "error al cambiar la política TOFU: %s\n"
 
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~año"
+msgstr[1] "%lld~años"
 
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~mes"
+msgstr[1] "%lld~meses"
 
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~semana"
+msgstr[1] "%lld~semanas"
 
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~día"
+msgstr[1] "%lld~días"
 
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~hora"
+msgstr[1] "%lld~horas"
 
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~minuto"
+msgstr[1] "%lld~minutos"
 
-#, fuzzy, c-format
-#| msgid "second"
+#, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
-msgstr[0] "segundo"
-msgstr[1] "segundo"
+msgstr[0] "%lld~segundo"
+msgstr[1] "%lld~segundos"
 
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr ""
+msgstr "%s: Verificadas 0~firmas y cifrados 0~mensajes."
 
-#, fuzzy, c-format
-#| msgid "Deleted %d signatures.\n"
+#, c-format
 msgid "%s: Verified 0 signatures."
-msgstr "%d firmas borradas\n"
+msgstr "%s: Verificadas 0 firmas."
 
-#, fuzzy, c-format
-#| msgid "print message digests"
+#, c-format
 msgid "%s: Verified %ld~signature in the past %s."
 msgid_plural "%s: Verified %ld~signatures in the past %s."
-msgstr[0] "imprime resúmenes de mensaje"
-msgstr[1] "imprime resúmenes de mensaje"
+msgstr[0] "%s: Verificada %ld~firma en %s."
+msgstr[1] "%s: Verificadas %ld~firmas en %s."
 
-#, fuzzy
 msgid "Encrypted 0 messages."
-msgstr "el algoritmo de resumen seleccionado no es válido\n"
+msgstr "Cifrados 0 mensajes."
 
-#, fuzzy, c-format
+#, c-format
 msgid "Encrypted %ld~message in the past %s."
 msgid_plural "Encrypted %ld~messages in the past %s."
-msgstr[0] "el algoritmo de resumen seleccionado no es válido\n"
-msgstr[1] "el algoritmo de resumen seleccionado no es válido\n"
+msgstr[0] "Cifrado %ld~mensaje en los últimos %s."
+msgstr[1] "Cifrados %ld~mensajes en los últimos %s."
 
-#, fuzzy, c-format
-#| msgid "Policy: "
+#, c-format
 msgid "(policy: %s)"
-msgstr "Política: "
+msgstr "(política: %s)"
 
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
+"Advertencia: ¡Todavía no hemos visto ningún mensaje firmado con esta clave e "
+"identificador de usuario/a!\n"
 
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
+"Advertencia: ¡sólo hemos visto un mensaje firmado con esta clave e "
+"identificador de usuario!\n"
 
 msgid "Warning: you have yet to encrypt a message to this key!\n"
-msgstr ""
+msgstr "Advertencia: ¡todavía no has cifrado ningún mensaje para esta clave!\n"
 
 msgid "Warning: you have only encrypted one message to this key!\n"
-msgstr ""
+msgstr "Advertencia: ¡sólo has cifrado un mensaje para esta clave!\n"
 
 #, c-format
 msgid ""
@@ -6123,24 +5781,36 @@ msgid_plural ""
 "  %s\n"
 "to mark it as being bad.\n"
 msgstr[0] ""
+"Advertencia: ¡si crees que has visto más firmas de esta clave e "
+"identificador de usuario, puede que esta clave sea falsa! Examina "
+"cuidadosamente la dirección de correo buscando pequeñas variaciones. Si la "
+"clave es sospechosa, usa\n"
+"  %s\n"
+"para marcarla como mala.\n"
 msgstr[1] ""
+"Advertencia: ¡si crees que has visto más firmas de esta clave y estos "
+"identificadores de usuario, puede que esta clave sea falsa! Examina "
+"cuidadosamente la dirección de correo buscando pequeñas variaciones. Si la "
+"clave es sospechosa, usa\n"
+"  %s\n"
+"para marcarla como mala.\n"
 
-#, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
+#, c-format
 msgid "error opening TOFU database: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "error al abrir base de datos TOFU: %s\n"
 
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
+"ADVERTENCIA: Cifrando para %s, que no tiene ningún identificador de usuario "
+"no revocado\n"
 
-#, fuzzy, c-format
-#| msgid "error writing public keyring `%s': %s\n"
+#, c-format
 msgid "error setting policy for key %s, user id \"%s\": %s"
-msgstr "error escribiendo anillo público `%s': %s\n"
+msgstr ""
+"error al establecer política para la clave %s, id de usuario \"%s\": %s"
 
-#, fuzzy, c-format
-#| msgid "`%s' is not a valid long keyID\n"
+#, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' no es un identificador largo de clave válido\n"
 
@@ -6190,19 +5860,17 @@ msgstr "no es necesaria una comprobación de la base de datos de confianza\n"
 msgid "next trustdb check due at %s\n"
 msgstr "siguiente comprobación de base de datos de confianza el: %s\n"
 
-#, fuzzy, c-format
-#| msgid "no need for a trustdb check with `%s' trust model\n"
+#, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr ""
 "no es necesaria una comprobación de la base de datos de confianza\n"
-"con el modelo de confianza `%s'\n"
+"con el modelo de confianza '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "no need for a trustdb update with `%s' trust model\n"
+#, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "no es necesario comprobar la base de datos de confianza\n"
-"con el modelo `%s'\n"
+"con el modelo '%s'\n"
 
 #, c-format
 msgid "public key %s not found: %s\n"
@@ -6214,19 +5882,17 @@ msgstr "por favor haga un --check-trustdb\n"
 msgid "checking the trustdb\n"
 msgstr "comprobando base de datos de confianza\n"
 
-#, fuzzy, c-format
-#| msgid "%lu keys processed so far\n"
+#, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
-msgstr[0] "%lu claves procesadas hasta ahora\n"
-msgstr[1] "%lu claves procesadas hasta ahora\n"
+msgstr[0] "%d clave procesada"
+msgstr[1] "%d claves procesadas"
 
-#, fuzzy, c-format
-#| msgid "%d keys processed (%d validity counts cleared)\n"
+#, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
-msgstr[0] "%d claves procesadas (%d validaciones superadas)\n"
-msgstr[1] "%d claves procesadas (%d validaciones superadas)\n"
+msgstr[0] " (%d validación de cuenta borrada)\n"
+msgstr[1] " (%d validaciones de cuenta borradas)\n"
 
 msgid "no ultimately trusted keys found\n"
 msgstr "no se encuentran claves absolutamente fiables\n"
@@ -6271,8 +5937,6 @@ msgstr "absoluta"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#, fuzzy
-#| msgid "10 translator see trustdb.c:uid_trust_string_fixed"
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "13 no apto para supersticiosos"
 
@@ -6288,10 +5952,8 @@ msgstr "[desconocida]"
 msgid "[  undef ]"
 msgstr "[no definida]"
 
-#, fuzzy
-#| msgid "never"
 msgid "[  never ]"
-msgstr "nunca"
+msgstr "[ nunca ]"
 
 msgid "[marginal]"
 msgstr "[   dudosa  ]"
@@ -6328,16 +5990,12 @@ msgstr "habilita depuración completa"
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Uso: kbxutil [opciones] [ficheros] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: kbxutil [options] [files]\n"
-#| "list, export, import Keybox data\n"
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
 msgstr ""
 "Sintaxis: kbxutil [opciones] [ficheros]\n"
-"listar, exportar, importar datos Keybox\n"
+"Listar, exportar, importar datos Keybox\n"
 
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
@@ -6384,7 +6042,7 @@ msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
-"|NP|Por favor introduzca el PIN Unblocking Code (PUK) para la clave que crea "
+"|P|Introduzca el PIN Unblocking Code (PUK) para que la clave pueda crear "
 "firmas cualificadas."
 
 #, c-format
@@ -6408,10 +6066,8 @@ msgstr "la respuesta no incluye el módulo RSA\n"
 msgid "response does not contain the RSA public exponent\n"
 msgstr "la respuesta no incluye el exponente público RSA\n"
 
-#, fuzzy
-#| msgid "response does not contain the RSA public exponent\n"
 msgid "response does not contain the EC public key\n"
-msgstr "la respuesta no incluye el exponente público RSA\n"
+msgstr "la respuesta no incluye la clave pública EC\n"
 
 msgid "response does not contain the public key data\n"
 msgstr "la respuesta no incluye la clave pública\n"
@@ -6425,30 +6081,31 @@ msgstr "fallo leyendo clave pública: %s\n"
 #. * the %s at the start and end of the string.
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
-msgstr ""
+msgstr "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
-msgstr ""
+msgstr "%sNúmero: %s%%0ATitular: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
 #, c-format
 msgid "Remaining attempts: %d"
-msgstr ""
+msgstr "Intentos disponibles: %d"
 
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "usando PIN por defecto %s\n"
 
+#. Verification of CHV2 with the default PIN failed,
+#. although the card pretends to have the default PIN set as
+#. CHV2.  We better disable the def_chv2 flag now.
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "fallo al usar el PIN por defecto %s: %s - en adelante deshabilitado\n"
 
-#, fuzzy
-#| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
-msgstr "||Por favor introduzca PIN"
+msgstr "||Por favor desbloquee la tarjeta"
 
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
@@ -6461,14 +6118,13 @@ msgstr "la verificación CHV%d falló: %s\n"
 msgid "card is permanently locked!\n"
 msgstr "¡la tarjeta está bloqueada permanentemente!\n"
 
-#, fuzzy, c-format
-#| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+#, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
 "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgstr[0] ""
-"%d intentos quedan para PIN de administrador antes de "
-"bloquearpermanentemente la clave\n"
+"Quedan %d intentos para PIN de administrador antes de bloquear "
+"permanentemente la clave\n"
 msgstr[1] ""
 "%d intentos quedan para PIN de administrador antes de "
 "bloquearpermanentemente la clave\n"
@@ -6495,7 +6151,7 @@ msgstr "Código de Reinicio demasiado corto; longitud mínima %d\n"
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
 msgid "|RN|New Reset Code"
-msgstr "|CR|Nuevo Código de Reinicio"
+msgstr "|RN|Nuevo Código de Reinicio"
 
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Nuevo PIN Administrador"
@@ -6503,15 +6159,11 @@ msgstr "|AN|Nuevo PIN Administrador"
 msgid "|N|New PIN"
 msgstr "|N|Nuevo PIN"
 
-#, fuzzy
-#| msgid "|A|Please enter the Admin PIN"
 msgid "||Please enter the Admin PIN and New Admin PIN"
-msgstr "|A|Por favor introduzca PIN de Administrador"
+msgstr "||Introduzca el PIN de Administrador y el Nuevo PIN de Administrador"
 
-#, fuzzy
-#| msgid "||Please enter the PIN"
 msgid "||Please enter the PIN and New PIN"
-msgstr "||Por favor introduzca PIN"
+msgstr "||Por favor introduzca el PIN y el Nuevo PIN"
 
 msgid "error reading application data\n"
 msgstr "error leyendo datos de la aplicación\n"
@@ -6542,10 +6194,8 @@ msgstr "el primo RSA %s falta o no es de %d bits\n"
 msgid "failed to store the key: %s\n"
 msgstr "fallo al almacenar la clave: %s\n"
 
-#, fuzzy
-#| msgid "unsupported URI"
 msgid "unsupported curve\n"
-msgstr "URI no disponible"
+msgstr "curva no soportada\n"
 
 msgid "please wait while key is being generated ...\n"
 msgstr "por favor, espere mientras se genera la clave ...\n"
@@ -6553,11 +6203,10 @@ msgstr "por favor, espere mientras se genera la clave ...\n"
 msgid "generating key failed\n"
 msgstr "la generación de la clave falló\n"
 
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
+#, c-format
 msgid "key generation completed (%d second)\n"
 msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "generación de clave completada (%d segundos)\n"
+msgstr[0] "generación de clave completada (%d segundo)\n"
 msgstr[1] "generación de clave completada (%d segundos)\n"
 
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
@@ -6583,10 +6232,8 @@ msgstr ""
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "no se puede acceder a %s - ¿tarjeta OpenPGP inválida?\n"
 
-#, fuzzy
-#| msgid "||Please enter your PIN at the reader's keypad"
 msgid "||Please enter your PIN at the reader's pinpad"
-msgstr "||Por favor inntroduzca su PIN en el teclado del lector"
+msgstr "||Por favor introduzca su PIN en el teclado del lector"
 
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
@@ -6598,19 +6245,19 @@ msgid "run in multi server mode (foreground)"
 msgstr "ejecutar en modo multi servidor (primer plano)"
 
 msgid "|LEVEL|set the debugging level to LEVEL"
-msgstr "|NIVEL|poner el nivel de depurado a NIVEL"
+msgstr "|LEVEL|poner el nivel de depurado a NIVEL"
 
 msgid "|FILE|write a log to FILE"
-msgstr "|FICHERO|escribir log en FICHERO"
+msgstr "|FILE|escribir log en FICHERO"
 
 msgid "|N|connect to reader at port N"
 msgstr "|N|conectar el lector al puerto N"
 
 msgid "|NAME|use NAME as ct-API driver"
-msgstr "|NOMBRE|usa NOMBRE como driver ct-API"
+msgstr "|NAME|usa NOMBRE como driver ct-API"
 
 msgid "|NAME|use NAME as PC/SC driver"
-msgstr "|NOMBRE|usa NOMBRE como driver PC/SC"
+msgstr "|NAME|usa NOMBRE como driver PC/SC"
 
 msgid "do not use the internal CCID driver"
 msgstr "no usa el driverd del CCID interno"
@@ -6618,38 +6265,27 @@ msgstr "no usa el driverd del CCID interno"
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|desconectar la tarjeta después de N segundos de inactividad"
 
-#, fuzzy
-#| msgid "do not use a reader's keypad"
 msgid "do not use a reader's pinpad"
-msgstr "no usa el teclado del lector"
+msgstr "no usar el teclado del lector"
 
 msgid "deny the use of admin card commands"
 msgstr "denegar órdenes de administración de la tarjeta"
 
 msgid "use variable length input for pinpad"
-msgstr ""
+msgstr "usar input the largo variable para el pinpad"
 
-#, fuzzy
-#| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
-msgstr "Uso: gpgconf [opciones] (-h para ayuda)"
+msgstr "Uso: @SCDAEMON@ [opciones] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: scdaemon [options] [command [args]]\n"
-#| "Smartcard daemon for GnuPG\n"
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 "Sintaxis: scdaemon [opciones] [orden [args]]\n"
-"Demonio de la tarjeta inteligente para GnuPG\n"
+"Demonio de la tarjeta inteligente para @GNUPG@\n"
 
-#, fuzzy
-#| msgid ""
-#| "please use the option `--daemon' to run the program in the background\n"
 msgid "please use the option '--daemon' to run the program in the background\n"
-msgstr "use la opción `--daemon' para ejectuar el programa en segundo plano\n"
+msgstr "use la opción '--daemon' para ejecutar el programa en segundo plano\n"
 
 #, c-format
 msgid "handler for fd %d started\n"
@@ -6659,10 +6295,8 @@ msgstr "manejador del descriptor %d iniciado\n"
 msgid "handler for fd %d terminated\n"
 msgstr "manejador del descriptor %d terminado\n"
 
-#, fuzzy
-#| msgid "no gpg-agent running in this session\n"
 msgid "no dirmngr running in this session\n"
-msgstr "no hay un agente gpg ejecutándose en esta sesión\n"
+msgstr "no hay agente dirmngr activo en esta sesión\n"
 
 #, c-format
 msgid "validation model requested by certificate: %s"
@@ -6684,15 +6318,12 @@ msgstr "el certificado del emisor no está marcado como CA"
 msgid "critical marked policy without configured policies"
 msgstr "política marcada como crítica sin políticas configuradas"
 
-#, fuzzy, c-format
-#| msgid "failed to open `%s': %s\n"
+#, c-format
 msgid "failed to open '%s': %s\n"
-msgstr "fallo abriendo `%s': %s\n"
+msgstr "fallo al abrir '%s': %s\n"
 
-#, fuzzy
-#| msgid "note: non-critical certificate policy not allowed"
 msgid "Note: non-critical certificate policy not allowed"
-msgstr "nota: no se permiten políticas no críticas de certificados"
+msgstr "Nota: no se permiten políticas no críticas de certificados"
 
 msgid "certificate policy not allowed"
 msgstr "no se permite política de certificado"
@@ -6741,6 +6372,7 @@ msgstr "el certificado aún no es válido"
 msgid "root certificate not yet valid"
 msgstr "el certificado raíz no es válido aún"
 
+#. other
 msgid "intermediate certificate not yet valid"
 msgstr "el certificado intermedio aún no es válido"
 
@@ -6750,6 +6382,7 @@ msgstr "certificado caducado"
 msgid "root certificate has expired"
 msgstr "el certificado raíz ha caducado"
 
+#. other
 msgid "intermediate certificate has expired"
 msgstr "el certificado intermedio ha caducado"
 
@@ -6773,18 +6406,20 @@ msgstr ""
 msgid "  (  signature created at "
 msgstr "  ( firmas creadas en "
 
+#.
 msgid "  (certificate created at "
 msgstr "  (certificado creado en "
 
 msgid "  (certificate valid from "
 msgstr "  (certificado válido desde "
 
+#.
 msgid "  (     issuer valid from "
 msgstr "  (     emisor válido desde "
 
 #, c-format
 msgid "fingerprint=%s\n"
-msgstr "huella dactilar=%s\n"
+msgstr "huella digital=%s\n"
 
 msgid "root certificate has now been marked as trusted\n"
 msgstr "certificado raíz marcado ahora como fiable\n"
@@ -6833,6 +6468,7 @@ msgstr "certificado correcto\n"
 msgid "intermediate certificate is good\n"
 msgstr "certificado intermedio correcto\n"
 
+#. other
 msgid "root certificate is good\n"
 msgstr "certificado raíz correcto\n"
 
@@ -6886,23 +6522,15 @@ msgstr "no se especifica uso de la clave - asumiendo todos los usos\n"
 msgid "error getting key usage information: %s\n"
 msgstr "error obteniendo información sobre uso de la clave: %s\n"
 
-#, fuzzy
-#| msgid "certificate should have not been used for certification\n"
 msgid "certificate should not have been used for certification\n"
 msgstr "el certificado no debería haberse usado para certificar\n"
 
-#, fuzzy
-#| msgid "certificate should have not been used for OCSP response signing\n"
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "el certificado no debería haberse usado para firma en respuesta OCSP\n"
 
-#, fuzzy
-#| msgid "certificate should have not been used for encryption\n"
 msgid "certificate should not have been used for encryption\n"
 msgstr "el certificado no debería haberse usado para cifrar\n"
 
-#, fuzzy
-#| msgid "certificate should have not been used for signing\n"
 msgid "certificate should not have been used for signing\n"
 msgstr "el certificado no debería haberse usado para firmar\n"
 
@@ -6924,74 +6552,63 @@ msgstr "línea %d: longitud de clave inválida %u (válidas de %d a %d)\n"
 msgid "line %d: no subject name given\n"
 msgstr "línea %d: falta nombre de entidad\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid subject name label `%.*s'\n"
+#, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
-msgstr "línea %d: etiqueta con nombre de entidad inválida `%.*s'\n"
+msgstr "línea %d: etiqueta con nombre de entidad inválida '%.*s'\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid subject name `%s' at pos %d\n"
+#, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
-msgstr "línea %d: nombre de entidad inválida `%s' posición %d\n"
+msgstr "línea %d: nombre de entidad inválida '%s' en posición %d\n"
 
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "línea %d: no es una dirección de email válida\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "line %d: invalid serial number\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr "línea %d: número de serie inválido\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid subject name label `%.*s'\n"
+#, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
-msgstr "línea %d: etiqueta con nombre de entidad inválida `%.*s'\n"
+msgstr "línea %d: etiqueta con nombre de emisor no válido '%.*s'\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid subject name `%s' at pos %d\n"
+#, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
-msgstr "línea %d: nombre de entidad inválida `%s' posición %d\n"
+msgstr "línea %d: nombre de emisor no válido '%s' posición %d\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "line %d: invalid date given\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr "línea %d: fecha no válida\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: error getting key by keygrip `%s': %s\n"
+#, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
-msgstr "línea %d: error obteniendo clave con keygrip `%s': %s\n"
+msgstr "línea %d: error al obtener clave de firmado con keygrip '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "line %d: invalid hash algorithm given\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr "línea %d: algoritmo de hash no válido\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "line %d: invalid authority-key-id\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr "línea %d: id de autoridad de clave no válido\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid subject name `%s' at pos %d\n"
+#, c-format
 msgid "line %d: invalid subject-key-id\n"
-msgstr "línea %d: nombre de entidad inválida `%s' posición %d\n"
+msgstr ""
+"línea %d: subject-key-id no válido\n"
+"\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: invalid algorithm\n"
+#, c-format
 msgid "line %d: invalid extension syntax\n"
-msgstr "línea %d: algoritmo inválido\n"
+msgstr "línea %d: sintaxis de estensión no válida\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: error reading key `%s' from card: %s\n"
+#, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
-msgstr "línea %d: error leyendo clave `%s' de la tarjeta: %s\n"
+msgstr "línea %d: error al leer clave '%s' de la tarjeta: %s\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: error getting key by keygrip `%s': %s\n"
+#, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
-msgstr "línea %d: error obteniendo clave con keygrip `%s': %s\n"
+msgstr "línea %d: error obteniendo clave con keygrip '%s': %s\n"
 
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
@@ -7004,6 +6621,10 @@ msgstr ""
 "Para completar este certificado introduzca por favor la frase contraseñapara "
 "la clave que acaba de crear una vez más.\n"
 
+#, c-format
+msgid "   (%d) RSA\n"
+msgstr "   (%d) RSA\n"
+
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Clave existente\n"
@@ -7023,6 +6644,7 @@ msgstr "Número de serie de la tarjeta: %s\n"
 msgid "Available keys:\n"
 msgstr "Claves disponibles:\n"
 
+#. Ask for the key usage.
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Posibles acciones para una clave %s:\n"
@@ -7040,67 +6662,62 @@ msgid "   (%d) encrypt\n"
 msgstr "   (%d) cifrar\n"
 
 msgid "Enter the X.509 subject name: "
-msgstr "Introduzca nombre de entidad para X.509"
+msgstr "Introduzca nombre de entidad para X.509: "
 
 msgid "No subject name given\n"
 msgstr "No se dió nombre de entidad\n"
 
-#, fuzzy, c-format
-#| msgid "Invalid subject name label `%.*s'\n"
+#, c-format
 msgid "Invalid subject name label '%.*s'\n"
-msgstr "Etiqueta de nombre de entidad inválida `%.*s'\n"
+msgstr "Etiqueta de nombre de entidad no válida '%.*s'\n"
 
 #. TRANSLATORS: The 22 in the second string is the
 #. length of the first string up to the "%s".  Please
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#, fuzzy, c-format
-#| msgid "Invalid subject name `%s'\n"
+#, c-format
 msgid "Invalid subject name '%s'\n"
-msgstr "Nombre de entidad inválido `%s'\n"
+msgstr "Nombre de entidad no válido '%s'\n"
 
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "28 visto por el traductor hasta la comilla inclusive"
 
+#. Get the email addresses.
 msgid "Enter email addresses"
-msgstr "Dirección de correo electrónico: "
+msgstr "Dirección de correo electrónico"
 
 msgid " (end with an empty line):\n"
 msgstr " (termine con una línea en blanco):\n"
 
+#. DNS names.
 msgid "Enter DNS names"
 msgstr "Introduzca nombres de DNS"
 
 msgid " (optional; end with an empty line):\n"
 msgstr " (opcional; acabe con una línea en blanco):\n"
 
+#. URIs.
 msgid "Enter URIs"
 msgstr "Introduzca URIs"
 
-#, fuzzy
-#| msgid "Create a designated revocation certificate for this key? (y/N) "
 msgid "Create self-signed certificate? (y/N) "
-msgstr "¿Crear un certificado de revocación para esta clave? (s/N)"
+msgstr "¿Crear un certificado auto-firmado? (s/N)"
 
 msgid "These parameters are used:\n"
-msgstr ""
+msgstr "Se usan estos parámetros:\n"
 
-#, fuzzy
-#| msgid "self-signed certificate has a BAD signature"
 msgid "Now creating self-signed certificate.  "
-msgstr "certificado auto firmado con firma INCORRECTA"
+msgstr "Creando ahora certificado auto firmado. "
 
-#, fuzzy
-#| msgid "Now creating certificate request.  This may take a while ...\n"
 msgid "Now creating certificate request.  "
-msgstr "Creando una petición de certificado.  Puede llevar un rato ...\n"
+msgstr "Creando ahora petición de certificado. "
 
 msgid "This may take a while ...\n"
-msgstr ""
+msgstr "Esto puede tardar un poco ...\n"
 
 msgid "Ready.\n"
-msgstr ""
+msgstr "Listo.\n"
 
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Acabado. Debería mandar esta petición a su CA.\n"
@@ -7114,24 +6731,21 @@ msgstr "(el algoritmo RC2)\n"
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(no parece un mensaje cifrado)\n"
 
-#, fuzzy, c-format
-#| msgid "certificate `%s' not found: %s\n"
+#, c-format
 msgid "certificate '%s' not found: %s\n"
-msgstr "certificado `%s' no encontrado: %s\n"
+msgstr "certificado '%s' no encontrado: %s\n"
 
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "error bloqueando keybox: %s\n"
 
-#, fuzzy, c-format
-#| msgid "duplicated certificate `%s' deleted\n"
+#, c-format
 msgid "duplicated certificate '%s' deleted\n"
-msgstr "certificado duplicado `%s' borrado\n"
+msgstr "certificado duplicado '%s' borrado\n"
 
-#, fuzzy, c-format
-#| msgid "certificate `%s' deleted\n"
+#, c-format
 msgid "certificate '%s' deleted\n"
-msgstr "certificado `%s' borrado\n"
+msgstr "certificado '%s' borrado\n"
 
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
@@ -7146,6 +6760,8 @@ msgstr "lista claves externas"
 msgid "list certificate chain"
 msgstr "lista de cadenas de certificados"
 
+#. ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a keyserver")),
+#. ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a keyserver")),
 msgid "import certificates"
 msgstr "importa certificado"
 
@@ -7183,7 +6799,7 @@ msgid "|N|number of certificates to include"
 msgstr "|N|número de certificados que incluir"
 
 msgid "|FILE|take policy information from FILE"
-msgstr "|FICHERO|tomar política de información de FICHERO"
+msgstr "|FILE|tomar política de información de FICHERO"
 
 msgid "do not check certificate policies"
 msgstr "no comprobar políticas de certificados"
@@ -7195,10 +6811,10 @@ msgid "don't use the terminal at all"
 msgstr "no usa la terminal en absoluto"
 
 msgid "|FILE|write a server mode log to FILE"
-msgstr "|FICHERO|escribir un log en modo servidor en FICHERO"
+msgstr "|FILE|escribir un log en modo servidor en FICHERO"
 
 msgid "|FILE|write an audit log to FILE"
-msgstr "|FICHERO|escribir inform de auditoría a FICHERO"
+msgstr "|FILE|escribir inform de auditoría a FICHERO"
 
 msgid "batch mode: never ask"
 msgstr "proceso por lotes: nunca preguntar"
@@ -7216,48 +6832,39 @@ msgid "assume no on most questions"
 msgstr "asume \"no\" en casi todas las preguntas"
 
 msgid "|FILE|add keyring to the list of keyrings"
-msgstr "|FICHERO|añade este anillo a la lista de anillos"
+msgstr "|FILE|añade este anillo a la lista de anillos"
 
 msgid "|USER-ID|use USER-ID as default secret key"
-msgstr "|ID-USUARIO|usa ID-USUARIO como clave secreta por defecto"
+msgstr "|USER-ID|usa ID-USUARIO como clave secreta por defecto"
 
 msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|ESPEC|usa este servidor para buscar claves"
+msgstr "|SPEC|usa este servidor para buscar claves"
 
 msgid "|NAME|use cipher algorithm NAME"
-msgstr "|NOMBRE|usa el algoritmo de cifrado NOMBRE"
+msgstr "|NAME|usa el algoritmo de cifrado NOMBRE"
 
 msgid "|NAME|use message digest algorithm NAME"
-msgstr "|NOMBRE|usa algoritmo de resumen de mensaje NOMBRE"
+msgstr "|NAME|usa algoritmo de resumen de mensaje NOMBRE"
 
-#, fuzzy
-#| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
-msgstr "Uso: gpg [opciones] [ficheros] (-h para ayuda)"
+msgstr "Uso: @GPGSM@ [opciones] [ficheros] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpgsm [options] [files]\n"
-#| "sign, check, encrypt or decrypt using the S/MIME protocol\n"
-#| "default operation depends on the input data\n"
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
 "Default operation depends on the input data\n"
 msgstr ""
-"Sintaxis: gpgsm [opciones] [ficheros]\n"
-"firma, comprueba, cifra o descifra usando protocolo S/MIME\n"
-"la operación por defecto depende de los datos de entrada\n"
+"Sintaxis: @GPGSM@ [opciones] [ficheros]\n"
+"firma, comprueba, cifra o descifra usando el protocolo S/MIME\n"
+"La operación predeterminada depende de los datos de entrada\n"
 
-#, fuzzy, c-format
-#| msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+#, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
-msgstr "NOTA: no se podrá cifrar a `%s': %s\n"
+msgstr "Nota: no se podrá cifrar a '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "unknown validation model `%s'\n"
+#, c-format
 msgid "unknown validation model '%s'\n"
-msgstr "modelo de validación desconocido `%s'\n"
+msgstr "modelo de validación desconocido '%s'\n"
 
 #, c-format
 msgid "%s:%u: no hostname given\n"
@@ -7274,15 +6881,13 @@ msgstr "%s:%u: omitir esta línea\n"
 msgid "could not parse keyserver\n"
 msgstr "no se puede interpretar el servidor de claves\n"
 
-#, fuzzy, c-format
-#| msgid "importing common certificates `%s'\n"
+#, c-format
 msgid "importing common certificates '%s'\n"
-msgstr "importando certificados comunes `%s'\n"
+msgstr "importando certificados comunes '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "can't sign using `%s': %s\n"
+#, c-format
 msgid "can't sign using '%s': %s\n"
-msgstr "no puedo firmar usando `%s': %s\n"
+msgstr "no puedo firmar usando '%s': %s\n"
 
 msgid "invalid command (there is no implicit command)\n"
 msgstr "orden inválida (no hay orden implícita)\n"
@@ -7338,15 +6943,13 @@ msgstr "Error - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY no tiene valor - usando valor por defecto quizá absurdo\n"
 
-#, fuzzy, c-format
-#| msgid "invalid formatted fingerprint in `%s', line %d\n"
+#, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
-msgstr "formato inválido de huella dactilar en `%s', línea %d\n"
+msgstr "formato incorrecto de huella digital en '%s', línea %d\n"
 
-#, fuzzy, c-format
-#| msgid "invalid country code in `%s', line %d\n"
+#, c-format
 msgid "invalid country code in '%s', line %d\n"
-msgstr "código de país inválido en `%s', línea %d\n"
+msgstr "código de país inválido en '%s', línea %d\n"
 
 #, c-format
 msgid ""
@@ -7380,6 +6983,10 @@ msgstr ""
 "\"%s\"\n"
 "¡Observe que este certificado NO creará una firma cualificada!"
 
+#. case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break;
+#. We don't want to use MD5.
+#. No algorithm found in cert.
+#. Other algorithms.
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "resumen %d (%s) para firmante %d no puede utilizarse; usando %s\n"
@@ -7400,7 +7007,7 @@ msgstr "[no hay fecha]"
 
 #, c-format
 msgid " using certificate ID 0x%08lX\n"
-msgstr "usando el certificado ID 0x%08lX\n"
+msgstr " usando el certificado ID 0x%08lX\n"
 
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -7415,644 +7022,565 @@ msgstr "                alias"
 msgid "This is a qualified signature\n"
 msgstr "Es una firma cualificada\n"
 
-#, fuzzy, c-format
-#| msgid "can't write keyblock: %s\n"
+#, c-format
 msgid "can't initialize certificate cache lock: %s\n"
-msgstr "no puede escribirse el bloque de claves: %s\n"
+msgstr "no se puede iniciar el bloqueo del cache de certificados: %s\n"
 
 #, c-format
 msgid "can't acquire read lock on the certificate cache: %s\n"
-msgstr ""
+msgstr "no puedo conseguir el bloqueo para leer la cache de certificados: %s\n"
 
 #, c-format
 msgid "can't acquire write lock on the certificate cache: %s\n"
 msgstr ""
+"no puedo conseguir el bloqueo para escribir en la cache de certificados: %s\n"
 
-#, fuzzy, c-format
-#| msgid "problem looking for existing certificate: %s\n"
+#, c-format
 msgid "can't release lock on the certificate cache: %s\n"
-msgstr "problema buscando el certificado existente: %s\n"
+msgstr "no puedo desactivar el bloqueo en la cache de certificados: %s\n"
 
-#, fuzzy, c-format
-#| msgid "looking up issuer from the Dirmngr cache\n"
+#, c-format
 msgid "dropping %u certificates from the cache\n"
-msgstr "buscando emisor en el caché de Dirmngr\n"
+msgstr "quitando %u certificados del almacén\n"
 
-#, fuzzy, c-format
-#| msgid "can't create `%s': %s\n"
+#, c-format
 msgid "can't parse certificate '%s': %s\n"
-msgstr "no se puede crear %s: %s\n"
+msgstr "no puedo leer el certificado '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "certificate `%s' deleted\n"
+#, c-format
 msgid "certificate '%s' already cached\n"
-msgstr "certificado `%s' borrado\n"
+msgstr "el certificado '%s' ya estaba almacenado\n"
 
-#, fuzzy, c-format
-#| msgid "duplicated certificate `%s' deleted\n"
+#, c-format
 msgid "trusted certificate '%s' loaded\n"
-msgstr "certificado duplicado `%s' borrado\n"
+msgstr "certificado fiable '%s' borrado\n"
 
-#, fuzzy, c-format
-#| msgid "certificate `%s' deleted\n"
+#, c-format
 msgid "certificate '%s' loaded\n"
-msgstr "certificado `%s' borrado\n"
+msgstr "certificado '%s' cargado\n"
 
-#, fuzzy, c-format
-#| msgid "fingerprint=%s\n"
+#, c-format
 msgid "  SHA1 fingerprint = %s\n"
-msgstr "huella dactilar=%s\n"
+msgstr "  huella digital SHA1 = %s\n"
 
 msgid "   issuer ="
-msgstr ""
+msgstr "   emisor ="
 
 msgid "  subject ="
-msgstr ""
+msgstr "   asunto ="
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error loading certificate '%s': %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error al cargar certificado '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "Included certificates"
+#, c-format
 msgid "permanently loaded certificates: %u\n"
-msgstr "Certificados incluidos"
+msgstr "    certificados cargados permanentemente: %u\n"
 
-#, fuzzy, c-format
-#| msgid "number of matching certificates: %d\n"
+#, c-format
 msgid "    runtime cached certificates: %u\n"
-msgstr "número de certificados coincidentes: %d\n"
+msgstr "certificados almacenados para esta sesión: %u\n"
 
-#, fuzzy, c-format
-#| msgid "number of matching certificates: %d\n"
+#, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
-msgstr "número de certificados coincidentes: %d\n"
+msgstr "                   certificados confiados: %u (%u,%u,%u,%u)\n"
 
-#, fuzzy
-#| msgid "  (certificate created at "
 msgid "certificate already cached\n"
-msgstr "  (certificado creado en "
+msgstr "certificado ya almacenado\n"
 
-#, fuzzy
-#| msgid "certificate is good\n"
 msgid "certificate cached\n"
-msgstr "certificado correcto\n"
+msgstr "certificado almacenado\n"
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error caching certificate: %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error al almacenar certificado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "invalid fingerprint"
+#, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
-msgstr "huella dactilar no válida"
+msgstr "huella digital SHA1 no válida '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error fetching certificate by S/N: %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error al descargar certificado con S/N: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error fetching certificate by subject: %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error al descargar certificado por asunto: %s\n"
 
-#, fuzzy
-#| msgid "no issuer found in certificate"
 msgid "no issuer found in certificate\n"
-msgstr "no se encuentra el emisor de este certificado"
+msgstr "no se encuentra el emisor de este certificado\n"
 
-#, fuzzy, c-format
-#| msgid "error getting stored flags: %s\n"
+#, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
-msgstr "error obteniendo parámetros almacenados: %s\n"
+msgstr "error al obtener authorityKeyIdentifier: %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't create directory `%s': %s\n"
+#, c-format
 msgid "creating directory '%s'\n"
-msgstr "no se puede crear el directorio `%s': %s\n"
+msgstr "creando directorio '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error creating keybox `%s': %s\n"
+#, c-format
 msgid "error creating directory '%s': %s\n"
-msgstr "error creando caja de claves `%s': %s\n"
+msgstr "error al crear directorio '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "ignoring garbage line"
+#, c-format
 msgid "ignoring database dir '%s'\n"
-msgstr "ignorando línea con basura"
+msgstr "ignorando directorio de base de datos '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error reading from %s: %s\n"
+#, c-format
 msgid "error reading directory '%s': %s\n"
-msgstr "error leyendo de %s: %s\n"
+msgstr "error al leer directorio '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "receiving line failed: %s\n"
+#, c-format
 msgid "removing cache file '%s'\n"
-msgstr "fallo recibiendo la línea: %s\n"
+msgstr "removiendo archivo de almacenamiento '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "enarmoring failed: %s\n"
+#, c-format
 msgid "not removing file '%s'\n"
-msgstr "creación de armadura fallida: %s\n"
+msgstr "no se remueve el archivo '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error closing %s: %s\n"
+#, c-format
 msgid "error closing cache file: %s\n"
-msgstr "error cerrando %s: %s\n"
+msgstr "error cerrando archivo de almacenamiento: %s\n"
 
-#, fuzzy, c-format
-#| msgid "failed to open `%s': %s\n"
+#, c-format
 msgid "failed to open cache dir file '%s': %s\n"
-msgstr "fallo abriendo `%s': %s\n"
+msgstr "fallo al abrir archivo de directorio de almacenamiento '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
 msgid "error creating new cache dir file '%s': %s\n"
-msgstr "error creando fichero temporal: %s\n"
+msgstr "error al crear nuevo archivo de almacenamiento '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing secret keyring `%s': %s\n"
+#, c-format
 msgid "error writing new cache dir file '%s': %s\n"
-msgstr "error escribiendo anillo privado `%s': %s\n"
+msgstr "error al escribir nuevo archivo de almacenamiento '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error closing %s: %s\n"
+#, c-format
 msgid "error closing new cache dir file '%s': %s\n"
-msgstr "error cerrando %s: %s\n"
+msgstr "error al cerrar nuevo archivo de almacenamiento '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "new configuration file `%s' created\n"
+#, c-format
 msgid "new cache dir file '%s' created\n"
-msgstr "creado un nuevo fichero de configuración `%s'\n"
+msgstr "creado nuevo archivo de almacenamiento '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "failed to create temporary file `%s': %s\n"
+#, c-format
 msgid "failed to re-open cache dir file '%s': %s\n"
-msgstr "no se puede crear el fichero temporal `%s': %s\n"
+msgstr "no se puede reabrir el archivo de almacenamiento '%s': %s\n"
 
 #, c-format
 msgid "first record of '%s' is not the version\n"
-msgstr ""
+msgstr "la primera entrada de '%s' no es la versión\n"
 
 msgid "old version of cache directory - cleaning up\n"
-msgstr ""
+msgstr "versión antigua del directorio de almacenamiento - limpiando\n"
 
 msgid "old version of cache directory - giving up\n"
-msgstr ""
+msgstr "versión antigua del directorio de almacenamiento - me rindo\n"
 
 #, c-format
 msgid "extra field detected in crl record of '%s' line %u\n"
-msgstr ""
+msgstr "detectado un campo extra en la entrada crl de '%s' línea %u\n"
 
-#, fuzzy, c-format
-#| msgid "invalid country code in `%s', line %d\n"
+#, c-format
 msgid "invalid line detected in '%s' line %u\n"
-msgstr "código de país inválido en `%s', línea %d\n"
+msgstr "línea no válida detectada en '%s', línea %u\n"
 
-#, fuzzy, c-format
-#| msgid "invalid country code in `%s', line %d\n"
+#. Fixme: The duplicate checking used is not very
+#. effective for large numbers of issuers.
+#, c-format
 msgid "duplicate entry detected in '%s' line %u\n"
-msgstr "código de país inválido en `%s', línea %d\n"
+msgstr "entrada duplicada detectada en '%s', línea %u\n"
 
 #, c-format
 msgid "unsupported record type in '%s' line %u skipped\n"
-msgstr ""
+msgstr "tipo de entrada no soportada en '%s', salteada la línea %u\n"
 
-#, fuzzy, c-format
-#| msgid "invalid keyflag in `%s', line %d\n"
+#, c-format
 msgid "invalid issuer hash in '%s' line %u\n"
-msgstr "opción de clave inválida en `%s', línea %d\n"
+msgstr "hash de emisor no válido en '%s', línea %u\n"
 
-#, fuzzy, c-format
-#| msgid "bad fingerprint in `%s', line %d\n"
+#, c-format
 msgid "no issuer DN in '%s' line %u\n"
-msgstr "huella digital incorrecta en `%s', línea %d\n"
+msgstr "no hay DN de emisor en '%s' línea %u\n"
 
-#, fuzzy, c-format
-#| msgid "invalid keyflag in `%s', line %d\n"
+#, c-format
 msgid "invalid timestamp in '%s' line %u\n"
-msgstr "opción de clave inválida en `%s', línea %d\n"
+msgstr "fecha no válida en '%s', línea %u\n"
 
-#, fuzzy, c-format
-#| msgid "invalid keyflag in `%s', line %d\n"
+#, c-format
 msgid "WARNING: invalid cache file hash in '%s' line %u\n"
-msgstr "opción de clave inválida en `%s', línea %d\n"
+msgstr ""
+"ADVERTENCIA: hash de archivo de almacenamiento no válida en '%s', línea %u\n"
 
 msgid "detected errors in cache dir file\n"
-msgstr ""
+msgstr "errores detectados en el archivo de almacenamiento\n"
 
 msgid "please check the reason and manually delete that file\n"
-msgstr ""
+msgstr "chequea el problema y borra este archivo manualmente\n"
 
-#, fuzzy, c-format
-#| msgid "failed to create temporary file `%s': %s\n"
+#, c-format
 msgid "failed to create temporary cache dir file '%s': %s\n"
-msgstr "no se puede crear el fichero temporal `%s': %s\n"
+msgstr "no se puede crear el fichero de almacenamiento temporal '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error closing %s: %s\n"
+#, c-format
 msgid "error closing '%s': %s\n"
-msgstr "error cerrando %s: %s\n"
+msgstr "error al cerrar '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading `%s': %s\n"
+#, c-format
 msgid "error renaming '%s' to '%s': %s\n"
-msgstr "error leyendo `%s': %s\n"
+msgstr "error al renombrar '%s' a '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't access `%s': %s\n"
+#, c-format
 msgid "can't hash '%s': %s\n"
-msgstr "no se puede acceder a `%s': %s\n"
+msgstr "no se puede hacer el hash de '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
+#, c-format
 msgid "error setting up MD5 hash context: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "error al establecer el contexto de hash MD5: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error in `%s': %s\n"
+#, c-format
 msgid "error hashing '%s': %s\n"
-msgstr "error en `%s': %s\n"
+msgstr "error al hacer el hash de '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "invalid formatted fingerprint in `%s', line %d\n"
+#, c-format
 msgid "invalid formatted checksum for '%s'\n"
-msgstr "formato inválido de huella dactilar en `%s', línea %d\n"
+msgstr "formato inválido de huella digital para '%s'\n"
 
 msgid "too many open cache files; can't open anymore\n"
 msgstr ""
+"demasiados archivos de almacenamiento abiertos; ya no puedo abrir más\n"
 
-#, fuzzy, c-format
-#| msgid "sending line failed: %s\n"
+#, c-format
 msgid "opening cache file '%s'\n"
-msgstr "fallo mandando la línea: %s\n"
+msgstr "abriendo archivo de almacenamiento '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
+#, c-format
 msgid "error opening cache file '%s': %s\n"
-msgstr "error abriendo `%s': %s\n"
+msgstr "error al abrir archivo de almacenamiento '%s': %s\n"
 
 #, c-format
 msgid "error initializing cache file '%s' for reading: %s\n"
 msgstr ""
+"error al inicializar el archivo de almacenamiento '%s' para lectura: %s\n"
 
 msgid "calling unlock_db_file on a closed file\n"
-msgstr ""
+msgstr "llamando unlock_db_file para un archivo cerrado\n"
 
 msgid "calling unlock_db_file on an unlocked file\n"
-msgstr ""
+msgstr "llamando unlock_db_file para un archivo ya desbloqueado\n"
 
-#, fuzzy, c-format
-#| msgid "failed to create stream from socket: %s\n"
+#, c-format
 msgid "failed to create a new cache object: %s\n"
-msgstr "fallo al crear un flujo desde el socket: %s\n"
+msgstr "fallo al crear un nuevo objecto de almacenamiento: %s\n"
 
-#, fuzzy, c-format
-#| msgid "No help available for `%s'"
+#, c-format
 msgid "no CRL available for issuer id %s\n"
-msgstr "No hay ayuda disponible para `%s'"
+msgstr "No hay CRL disponible para el identificador de emisor %s\n"
 
 #, c-format
 msgid "cached CRL for issuer id %s too old; update required\n"
 msgstr ""
+"el CRL almacenado para el identificador de emisor %s es demasiado antiguo; "
+"se requiere una actualización\n"
 
 #, c-format
 msgid ""
 "force-crl-refresh active and %d minutes passed for issuer id %s; update "
 "required\n"
 msgstr ""
+"force-crl-refresh activado y han pasado %d minutos para el identificador de "
+"emisor %s; se requiere una actualización\n"
 
 #, c-format
 msgid "force-crl-refresh active for issuer id %s; update required\n"
 msgstr ""
+"force-crl-refresh activado para el identificador de emisor %s; se requiere "
+"una actualización\n"
+"\n"
 
 #, c-format
 msgid "available CRL for issuer ID %s can't be used\n"
 msgstr ""
+"no se puede usar el CRL disponible para el identificador de emisor %s\n"
 
 #, c-format
 msgid "cached CRL for issuer id %s tampered; we need to update\n"
 msgstr ""
+"el CRL almacenado en local para el identificador de emisor %s ha sido "
+"toqueteado; necesitamos actualizar\n"
 
 msgid "WARNING: invalid cache record length for S/N "
-msgstr ""
+msgstr "ATENCIÓN: largo de entrada de almacenamiento no válido para S/N"
 
-#, fuzzy, c-format
-#| msgid "error reading dir record for LID %lu: %s\n"
+#, c-format
 msgid "problem reading cache record for S/N %s: %s\n"
-msgstr "error leyendo registro de directorio del LID %lu: %s\n"
+msgstr "problemas leyendo la entrada de cache para S/N %s: %s\n"
 
 #, c-format
 msgid "S/N %s is not valid; reason=%02X  date=%.15s\n"
-msgstr ""
+msgstr "S/N %s no es válido; razón=%02X  fecha=%.15s\n"
 
 #, c-format
 msgid "S/N %s is valid, it is not listed in the CRL\n"
-msgstr ""
+msgstr "S/N %s es válido, no está listado en el CRL\n"
 
-#, fuzzy, c-format
-#| msgid "error getting stored flags: %s\n"
+#, c-format
 msgid "error getting data from cache file: %s\n"
-msgstr "error obteniendo parámetros almacenados: %s\n"
+msgstr "error al obtener datos del archivo de almacenamiento: %s\n"
 
-#, fuzzy, c-format
-#| msgid "invalid hash algorithm `%s'\n"
+#, c-format
 msgid "unknown hash algorithm '%s'\n"
-msgstr "algoritmo de distribución inválido `%s'\n"
+msgstr "algoritmo hash inválido '%s'\n"
 
 #, c-format
 msgid "gcry_md_open for algorithm %d failed: %s\n"
-msgstr ""
+msgstr "gcry_md_open para algoritmo %d ha fallado: %s\n"
 
-#, fuzzy
-#| msgid "invalid response from agent\n"
 msgid "got an invalid S-expression from libksba\n"
-msgstr "respuesta del agente inválida\n"
+msgstr "respuesta S-expression de libksba no válida\n"
 
-#, fuzzy, c-format
-#| msgid "changing permission of  `%s' failed: %s\n"
+#, c-format
 msgid "converting S-expression failed: %s\n"
-msgstr "al cambiar permisos de `%s' ocurrió el fallo: %s\n"
+msgstr "he fallado al convertir la expresión S-expression: %s\n"
 
-#, fuzzy, c-format
-#| msgid "changing permission of  `%s' failed: %s\n"
+#, c-format
 msgid "creating S-expression failed: %s\n"
-msgstr "al cambiar permisos de `%s' ocurrió el fallo: %s\n"
+msgstr "fallo al crear S-expression: %s\n"
 
-#, fuzzy, c-format
-#| msgid "build_packet failed: %s\n"
+#, c-format
 msgid "ksba_crl_parse failed: %s\n"
-msgstr "construcción del paquete fallida: %s\n"
+msgstr "ha fallado ksba_crl_parse: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error getting serial number of card: %s\n"
+#, c-format
 msgid "error getting update times of CRL: %s\n"
 msgstr "error obteniendo el número de serie de la tarjeta: %s\n"
 
 #, c-format
 msgid "update times of this CRL: this=%s next=%s\n"
-msgstr ""
+msgstr "fechas de actualización de este CRL: esta=%s próxima=%s\n"
 
 msgid "nextUpdate not given; assuming a validity period of one day\n"
-msgstr ""
+msgstr "no se ha dado nextUpdate, asumiento un período de validez de un día\n"
 
-#, fuzzy, c-format
-#| msgid "error getting new PIN: %s\n"
+#, c-format
 msgid "error getting CRL item: %s\n"
-msgstr "error obteniendo nuevo PIN: %s\n"
+msgstr "error al obtener un objeto CRL: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing to temporary file: %s\n"
+#, c-format
 msgid "error inserting item into temporary cache file: %s\n"
-msgstr "error escribiendo en el fichero temporal: %s\n"
+msgstr "error al insertar objeto en el alacenamiento temporal: %s\n"
 
-#, fuzzy, c-format
-#| msgid "no issuer found in certificate"
+#, c-format
 msgid "no CRL issuer found in CRL: %s\n"
-msgstr "no se encuentra el emisor de este certificado"
+msgstr "no se encuentra el emisor en el CRL: %s\n"
 
 msgid "locating CRL issuer certificate by authorityKeyIdentifier\n"
-msgstr ""
+msgstr "buscando el certificado de emisor CRL por authorityKeyIdentifier\n"
 
-#, fuzzy, c-format
-#| msgid "signature verification suppressed\n"
+#, c-format
 msgid "CRL signature verification failed: %s\n"
-msgstr "suprimida la verificación de la firma\n"
+msgstr "ha fallado la verificación CRL de la firma: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading list of trusted root certificates\n"
+#, c-format
 msgid "error checking validity of CRL issuer certificate: %s\n"
-msgstr "error leyendo la lista de certificados raíz fiables\n"
+msgstr "error al verificar la validez del emisor del certificado CRL: %s\n"
 
-#, fuzzy, c-format
-#| msgid "select failed: %s\n"
+#, c-format
 msgid "ksba_crl_new failed: %s\n"
-msgstr "select fallido: %s\n"
+msgstr "ha fallado ksba_crl_new: %s\n"
 
-#, fuzzy, c-format
-#| msgid "read failed: %s\n"
+#, c-format
 msgid "ksba_crl_set_reader failed: %s\n"
-msgstr "lectura fallida: %s\n"
+msgstr "ha fallado ksba_crl_set_reader: %s\n"
 
-#, fuzzy, c-format
-#| msgid "failed to create temporary file `%s': %s\n"
+#, c-format
 msgid "removed stale temporary cache file '%s'\n"
-msgstr "no se puede crear el fichero temporal `%s': %s\n"
+msgstr "se ha removido el fichero temporal de almacenamiento en desuso '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "failed to create temporary file `%s': %s\n"
+#, c-format
 msgid "problem removing stale temporary cache file '%s': %s\n"
-msgstr "no se puede crear el fichero temporal `%s': %s\n"
+msgstr ""
+"problema al remover el fichero temporal de almacenamiento en desuso '%s': "
+"%s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
 msgid "error creating temporary cache file '%s': %s\n"
-msgstr "error creando fichero temporal: %s\n"
+msgstr "error al crear fichero temporal de almacenamiento '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "lid ?: insert failed: %s\n"
+#, c-format
 msgid "crl_parse_insert failed: %s\n"
-msgstr "lid ?: inserción fallida: %s\n"
+msgstr "ha fallado crl_parse_insert: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing to temporary file: %s\n"
+#, c-format
 msgid "error finishing temporary cache file '%s': %s\n"
-msgstr "error escribiendo en el fichero temporal: %s\n"
+msgstr "error al finalizar fichero temporal de almacenamiento '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
 msgid "error closing temporary cache file '%s': %s\n"
-msgstr "error creando fichero temporal: %s\n"
+msgstr "error al cerrar fichero temporal de almacenamiento '%s': %s\n"
 
 #, c-format
 msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n"
 msgstr ""
+"ADVERTENCIA: el nuevo CRL es también anticuado; caducó el %s - cargándolo de "
+"todos modos\n"
 
 #, c-format
 msgid "new CRL still too old; it expired on %s\n"
-msgstr ""
+msgstr "el nuevo CRL está anticuado; caducó el %s\n"
 
 #, c-format
 msgid "unknown critical CRL extension %s\n"
-msgstr ""
+msgstr "extensión crítica CRL desconocida %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading input: %s\n"
+#, c-format
 msgid "error reading CRL extensions: %s\n"
-msgstr "error leyendo entrada: %s\n"
+msgstr "error al leer las extensiones CRL: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating a pipe: %s\n"
+#, c-format
 msgid "creating cache file '%s'\n"
-msgstr "error creando tubería: %s\n"
+msgstr "creando fichero de almacenamiento '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "renaming `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "problem renaming '%s' to '%s': %s\n"
-msgstr "renombrando `%s' en `%s' fallo: %s\n"
+msgstr "problema al renombrar '%s' a '%s': %s\n"
 
 msgid ""
 "updating the DIR file failed - cache entry will get lost with the next "
 "program start\n"
 msgstr ""
+"ha fallado la actualización del archivo DIR - la entrada del almacenamiento "
+"local se perderá al reiniciar el programa\n"
 
 #, c-format
 msgid "Begin CRL dump (retrieved via %s)\n"
-msgstr ""
+msgstr "Comienzo del dump CRL (obtenido mediante %s)\n"
 
 msgid ""
 " ERROR: The CRL will not be used because it was still too old after an "
 "update!\n"
 msgstr ""
+" ERROR: ¡El CRL no se usará porque todavía es demasiado antiguo incluso "
+"luego de una actualización!\n"
 
+# qué es una 'extensión crítica desconocida'? dice que falta?
 msgid ""
 " ERROR: The CRL will not be used due to an unknown critical extension!\n"
 msgstr ""
+" ERROR: El CRL no se usará a causa de una extensión crítica desconocida!\n"
+"\n"
 
 msgid " ERROR: The CRL will not be used\n"
-msgstr ""
+msgstr " ERROR: No se usará el CRL\n"
 
 msgid " ERROR: This cached CRL may have been tampered with!\n"
 msgstr ""
+" ERROR: ¡Puede que alguien haya manipulado este CRL almacenado en local!\n"
 
-#, fuzzy
-#| msgid "WARNING: invalid size of random_seed file - not used\n"
 msgid " WARNING: invalid cache record length\n"
-msgstr ""
-"ATENCIÓN: tamaño incorrecto del fichero de semillas aleatorias - no se usa\n"
+msgstr " ATENCIÓN: largo de entrada de almacenamiento no válido\n"
 
-#, fuzzy, c-format
-#| msgid "error reading the card: %s\n"
+#, c-format
 msgid "problem reading cache record: %s\n"
-msgstr "error leyendo la tarjeta: %s\n"
+msgstr "error al leer entrada de almacenamiento: %s\n"
 
-#, fuzzy, c-format
-#| msgid "problem re-searching certificate: %s\n"
+#, c-format
 msgid "problem reading cache key: %s\n"
-msgstr "problema re-buscando el certificado: %s\n"
+msgstr "problema al leer clave de almacenamiento: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading nonce on fd %d: %s\n"
+#, c-format
 msgid "error reading cache entry from db: %s\n"
-msgstr "error leyendo valor único en el descriptor %d: %s\n"
+msgstr "error al leer entrada de almacenamiento de la base de datos: %s\n"
 
 msgid "End CRL dump\n"
-msgstr ""
+msgstr "Terminar el dump de CRL\n"
 
-#, fuzzy, c-format
-#| msgid "read failed: %s\n"
+#, c-format
 msgid "crl_fetch via DP failed: %s\n"
-msgstr "lectura fallida: %s\n"
+msgstr "ha fallado crl_fetch via DP: %s\n"
 
-#, fuzzy, c-format
-#| msgid "lid ?: insert failed: %s\n"
+#, c-format
 msgid "crl_cache_insert via DP failed: %s\n"
-msgstr "lid ?: inserción fallida: %s\n"
+msgstr "ha fallado crl_cache_insert via DP: %s\n"
 
-#, fuzzy, c-format
-#| msgid "receiving line failed: %s\n"
+#, c-format
 msgid "crl_cache_insert via issuer failed: %s\n"
-msgstr "fallo recibiendo la línea: %s\n"
+msgstr "ha fallado crl_cache_insert via emisor: %s\n"
 
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
 msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
+msgstr "usando \"http\" en lugar de \"https\"\n"
 
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
-msgstr ""
+msgstr "el acceso CRL no es posible debido a que %s está desactivado\n"
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
+#, c-format
 msgid "error initializing reader object: %s\n"
-msgstr "%s: error escribiendo registro de directorio: %s\n"
+msgstr "error al inicializar objeto lector: %s\n"
 
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
+msgstr "URL '%s' redirigida a '%s' (%u)\n"
 
-#, fuzzy
-#| msgid "too many cipher preferences\n"
 msgid "too many redirections\n"
-msgstr "demasiadas preferencias de cifrado\n"
+msgstr "demasiadas redirecciones\n"
 
-#, fuzzy, c-format
-#| msgid "error retrieving `%s' via %s: %s\n"
+#. Made up status code for error reporting.
+#, c-format
 msgid "error retrieving '%s': %s\n"
-msgstr "error recuperando `%s' vía %s: %s\n"
+msgstr "error recuperando '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
+#, c-format
 msgid "error retrieving '%s': http status %u\n"
-msgstr "error ejecutando `%s': código de finalización %d\n"
+msgstr "error recurerando '%s': status http %u\n"
 
-#, fuzzy
-#| msgid "certificate `%s' not found: %s\n"
+#. For now we do not support LDAP over Tor.
 msgid "CRL access not possible due to Tor mode\n"
-msgstr "certificado `%s' no encontrado: %s\n"
+msgstr "el acceso a CRL no es posible a causa del modo Tor\n"
 
-#, fuzzy, c-format
-#| msgid "certificate `%s' not found: %s\n"
+#, c-format
 msgid "certificate search not possible due to disabled %s\n"
-msgstr "certificado `%s' no encontrado: %s\n"
+msgstr ""
+"búsqueda de certificado imposible a causa de que %s está deshabilitado\n"
+"\n"
 
 msgid "use OCSP instead of CRLs"
-msgstr ""
+msgstr "usar OCSP en lugar de CRLs"
 
 msgid "check whether a dirmngr is running"
-msgstr ""
+msgstr "verifica si hay un dirmngr corriendo"
 
-#, fuzzy
-#| msgid "  (certificate created at "
 msgid "add a certificate to the cache"
-msgstr "  (certificado creado en "
+msgstr "añadir un certificado al almacenamiento local"
 
-#, fuzzy
-#| msgid "bad certificate"
 msgid "validate a certificate"
-msgstr "certificado incorrecto"
+msgstr "valida el certificado"
 
-#, fuzzy
-#| msgid "bad certificate"
 msgid "lookup a certificate"
-msgstr "certificado incorrecto"
+msgstr "busca un certificado"
 
-#, fuzzy
-#| msgid "Included certificates"
 msgid "lookup only locally stored certificates"
-msgstr "Certificados incluidos"
+msgstr "busca sólo en los certificados almacenados localmente"
 
 msgid "expect an URL for --lookup"
-msgstr ""
+msgstr "espera recibir una URL con --lookup"
 
-#, fuzzy
-#| msgid "pass a command to the dirmngr"
 msgid "load a CRL into the dirmngr"
-msgstr "pasar una orden a dirmngr"
+msgstr "cargar un CRL en el dirmngr"
 
 msgid "special mode for use by Squid"
-msgstr ""
+msgstr "modo especial para usar con Squid"
 
-#, fuzzy
-#| msgid "export certificates"
 msgid "expect certificates in PEM format"
-msgstr "exporta certificado"
+msgstr "esperar recibir certificados en formato PEM"
 
-#, fuzzy
-#| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
-msgstr "Introduzca el ID de usuario del revocador designado: "
+msgstr "forzar el uso del contestador OCSP predeterminado"
 
-#, fuzzy
-#| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
-msgstr "Uso: gpg [opciones] [ficheros] (-h para ayuda)"
+msgstr "Uso: dirmngr-client  [opciones] [fichero|patrón] (-h para ayuda)\n"
 
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
@@ -8060,492 +7588,419 @@ msgid ""
 "The process returns 0 if the certificate is valid, 1 if it is\n"
 "not valid and other error codes for general failures\n"
 msgstr ""
+"Syntaxis: dirmngr-client [opciones] [fichero|patrón]\n"
+"Chequea un certificado X.509 contra un CRL o realiza un chequeo OCSP\n"
+"El proceso devuelve 0 si el certificado es válido, 1 si no lo es\n"
+"y otros códigos de error para fallos generales\n"
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error reading certificate from stdin: %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error al leer certificado de stdin: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading from %s: %s\n"
+#, c-format
 msgid "error reading certificate from '%s': %s\n"
-msgstr "error leyendo de %s: %s\n"
+msgstr "error al leer certificado de '%s': %s\n"
 
 msgid "certificate too large to make any sense\n"
-msgstr ""
+msgstr "certificado demasiado grande para ser correcto\n"
 
-#, fuzzy, c-format
-#| msgid "can't connect to `%s': %s\n"
+#, c-format
 msgid "can't connect to the dirmngr: %s\n"
-msgstr "no se puede conectar con `%s': %s\n"
+msgstr "no se puede conectar con el dirmngr: %s\n"
 
-#, fuzzy, c-format
-#| msgid "update failed: %s\n"
+#, c-format
 msgid "lookup failed: %s\n"
-msgstr "actualización fallida: %s\n"
+msgstr "ha fallado la búsqueda: %s\n"
 
-#, fuzzy, c-format
-#| msgid "renaming `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "loading CRL '%s' failed: %s\n"
-msgstr "renombrando `%s' en `%s' fallo: %s\n"
+msgstr "ha fallado la carga del CRL '%s': %s\n"
 
 msgid "a dirmngr daemon is up and running\n"
-msgstr ""
+msgstr "hay un demonio dirmngr en ejecución\n"
 
-#, fuzzy, c-format
-#| msgid "deleting certificate \"%s\" failed: %s\n"
+#, c-format
 msgid "validation of certificate failed: %s\n"
-msgstr "borrado del certificado \"%s\" fallido: %s\n"
+msgstr "ha fallado la validación del certificado: %s\n"
 
-#, fuzzy
-#| msgid "certificate is good\n"
 msgid "certificate is valid\n"
 msgstr "certificado correcto\n"
 
-#, fuzzy
-#| msgid "certificate has been revoked"
 msgid "certificate has been revoked\n"
-msgstr "el certificado ha sido revocado"
+msgstr "el certificado ha sido revocado\n"
 
-#, fuzzy, c-format
-#| msgid "deleting certificate \"%s\" failed: %s\n"
+#, c-format
 msgid "certificate check failed: %s\n"
-msgstr "borrado del certificado \"%s\" fallido: %s\n"
+msgstr "ha fallado el chequeo del certificado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "can't stat `%s': %s\n"
+#, c-format
 msgid "got status: '%s'\n"
-msgstr "no se puede obtener información de `%s': %s\n"
+msgstr "obtenido el estado '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error writing secret keyring `%s': %s\n"
+#, c-format
 msgid "error writing base64 encoding: %s\n"
-msgstr "error escribiendo anillo privado `%s': %s\n"
+msgstr "error al escribir con encoding base64: %s\n"
 
-#, fuzzy, c-format
-#| msgid "unsupported algorithm: %s"
+#, c-format
 msgid "unsupported inquiry '%s'\n"
-msgstr "algoritmo no disponible: %s"
+msgstr "pregunta no soportada '%s'\n"
 
 msgid "absolute file name expected\n"
-msgstr ""
+msgstr "espero la ruta absoluta del archivo\n"
 
 #, c-format
 msgid "looking up '%s'\n"
-msgstr ""
+msgstr "buscando '%s'\n"
 
 msgid "list the contents of the CRL cache"
-msgstr ""
+msgstr "listar los contenidos del almacenamiento CRL"
 
-#, fuzzy
-#| msgid "|FILE|run commands from FILE on startup"
 msgid "|FILE|load CRL from FILE into cache"
-msgstr "|FICHERO|ejecuta órdenes de FICHERO al empezar"
+msgstr "|FILE|carga CRL de FILE al empezar"
 
 msgid "|URL|fetch a CRL from URL"
-msgstr ""
+msgstr "|URL|carga un CRL de una URL"
 
-#, fuzzy
-#| msgid "pass a command to the dirmngr"
 msgid "shutdown the dirmngr"
-msgstr "pasar una orden a dirmngr"
+msgstr "apaga el dirmngr"
 
 msgid "flush the cache"
 msgstr ""
 
 msgid "|FILE|write server mode logs to FILE"
-msgstr "|FICHERO|escribir logs en modo servidor en FICHERO"
+msgstr "|FILE|escribir logs en modo servidor en FICHERO"
 
-#, fuzzy
-#| msgid "Quit without saving? (y/N) "
 msgid "run without asking a user"
-msgstr "¿Salir sin grabar? (s/N) "
+msgstr "arrancar sin preguntar a un usuario"
 
 msgid "force loading of outdated CRLs"
-msgstr ""
+msgstr "forzar la carga de CRLs caducados"
 
-#, fuzzy
-#| msgid "allow PKA lookups (DNS requests)"
 msgid "allow sending OCSP requests"
-msgstr "permitir búsquedas PKA (peticiones DNS)"
+msgstr "permitir el envío de búsquedas OSCP"
 
 msgid "allow online software version check"
-msgstr ""
+msgstr "permitir el chequeo online de versiones de software"
 
 msgid "inhibit the use of HTTP"
-msgstr ""
+msgstr "inhibir el uso de HTTP"
 
 msgid "inhibit the use of LDAP"
-msgstr ""
+msgstr "inhibir el uso de LDAP"
 
 msgid "ignore HTTP CRL distribution points"
-msgstr ""
+msgstr "ignorar puntos de distribución CRL HTTP"
 
 msgid "ignore LDAP CRL distribution points"
-msgstr ""
+msgstr "ignorar puntos de distribución CRL LDAP"
 
 msgid "ignore certificate contained OCSP service URLs"
-msgstr ""
+msgstr "ignorar URLs de servicio contenidas en los certificados OSCP"
 
 msgid "|URL|redirect all HTTP requests to URL"
-msgstr ""
+msgstr "|URL|redirigir todos los pedidos HTTP a URL"
 
 msgid "|HOST|use HOST for LDAP queries"
-msgstr ""
+msgstr "|HOST|usar HOST para las consultas LDAP"
 
 msgid "do not use fallback hosts with --ldap-proxy"
-msgstr ""
+msgstr "no usar hosts de reserva con --ldap-proxy"
 
-#, fuzzy
-#| msgid "|FILE|read options from FILE"
 msgid "|FILE|read LDAP server list from FILE"
-msgstr "|FICHERO|lee opciones desde FICHERO"
+msgstr "|FILE|lee lista de servidores LDAP de FILE"
 
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
+"añadir nuevos servidores descubiertos en los puntos de distribución CRL a la "
+"lista de servidores"
 
-#, fuzzy
-#| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set LDAP timeout to N seconds"
-msgstr "|N|establecer vida máxima del caché de PIN en N segundos"
+msgstr "|N|establecer vida máxima de LDAP en N segundos"
 
-#, fuzzy
-#| msgid "|URL|use keyserver at URL"
 msgid "|URL|use OCSP responder at URL"
-msgstr "|URL|usar servidor de claves en URL"
+msgstr "|URL|usar contestador OSCP en la URL"
 
 msgid "|FPR|OCSP response signed by FPR"
-msgstr ""
+msgstr "|FPR|respuesta OCSP firmada por FPR"
 
 msgid "|N|do not return more than N items in one query"
-msgstr ""
+msgstr "|N|no devolver más de N items en una consulta"
 
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
-msgstr ""
+msgstr "|FILE|usar los certificados CA en FILE para HKP a través de TLS"
 
 msgid "route all network traffic via Tor"
-msgstr ""
+msgstr "enrutar todo el tráfico a través de Tor"
 
 # ordenes -> órdenes
 # página man -> página de manual
 # Vale. ¿del manual mejor?
 # Hmm, no sé, en man-db se usa "de". La verdad es que no lo he pensado.
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "(See the man page for a complete listing of all commands and options)\n"
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
 "options)\n"
 msgstr ""
 "@\n"
-"(Véase en la página del manual la lista completo de órdenes y opciones)\n"
+"(Véase en la página del manual la lista completa de órdenes y opciones)\n"
 
-#, fuzzy
-#| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
-msgstr "Uso: gpgconf [opciones] (-h para ayuda)"
+msgstr "Uso: @DIRMNGR@ [opciones] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg-agent [options] [command [args]]\n"
-#| "Secret key management for GnuPG\n"
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
-"Sintaxis: gpg-agent [opciones] [orden [argumentos]]\n"
-"Manejo de claves privadas por GnuPG\n"
+"Sintaxis: @DIRMNGR@ [opciones] [orden [argumentos]]\n"
+"Acceso al servidor de claves, CRL y OCSP para @GNUPG@\n"
 
-#, fuzzy, c-format
-#| msgid "invalid debug-level `%s' given\n"
+#, c-format
 msgid "valid debug levels are: %s\n"
-msgstr "el nivel de depuración `%s` no es válido\n"
+msgstr "los niveles de debug válidos son: %s\n"
 
-#, fuzzy, c-format
-#| msgid "usage: gpgsm [options] "
+#, c-format
 msgid "usage: %s [options] "
-msgstr "uso: gpgsm [opciones] "
+msgstr "uso: %s [opciones] "
 
-#, fuzzy
-#| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
-msgstr "¡%s no permitido con %s!\n"
+msgstr "los dos puntos(:) no están permitidos en el nombre del socket\n"
 
-#, fuzzy, c-format
-#| msgid "renaming `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
-msgstr "renombrando `%s' en `%s' fallo: %s\n"
+msgstr "fallo al intentar descargar CRL desde '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "conversion from `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "processing CRL from '%s' failed: %s\n"
-msgstr "la conversión de `%s' en `%s' falló: %s\n"
+msgstr "falló el procesamiento CRL desde '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "line too long - skipped\n"
+#, c-format
 msgid "%s:%u: line too long - skipped\n"
-msgstr "línea demasiado larga -omitida\n"
+msgstr "%s:%u: línea demasiado larga - omitida\n"
 
-#, fuzzy, c-format
-#| msgid "invalid fingerprint"
+#, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
-msgstr "huella dactilar no válida"
+msgstr "%s:%u: se detectó huella digital no válida\n"
 
-#, fuzzy, c-format
-#| msgid "read error in `%s': %s\n"
+#.
+#, c-format
 msgid "%s:%u: read error: %s\n"
-msgstr "error de lectura `%s': %s\n"
+msgstr "%s:%u: error de lectura: %s\n"
 
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
-msgstr ""
+msgstr "%s:%u: ignorada la basura al final de la línea\n"
 
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
-msgstr ""
+msgstr "SIGHUP recibido - releyendo y haciendo correr las caches\n"
 
 msgid "SIGUSR2 received - no action defined\n"
-msgstr ""
+msgstr "SIGUSR2 recibido - ninguna acción definida\n"
 
 msgid "SIGTERM received - shutting down ...\n"
-msgstr ""
+msgstr "SIGTERM recibido - apagando ...\n"
 
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
-msgstr ""
+msgstr "SIGTERM recibido - todavía %d conexiones activas\n"
 
-#, fuzzy
-#| msgid "not forced"
 msgid "shutdown forced\n"
-msgstr "no forzado"
+msgstr "apagado forzado\n"
 
 msgid "SIGINT received - immediate shutdown\n"
-msgstr ""
+msgstr "SIGINT recibido - apagado inmediato\n"
 
 #, c-format
 msgid "signal %d received - no action defined\n"
-msgstr ""
+msgstr "señal %d recibida - ninguna acción definida\n"
 
 msgid "return all values in a record oriented format"
-msgstr ""
+msgstr "devuelve todos los valores en un formato orientado a record"
 
 msgid "|NAME|ignore host part and connect through NAME"
-msgstr ""
+msgstr "|NAME|ignorar la parte del host y conectar con el NAME"
 
-#, fuzzy
-#| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|connect to host NAME"
-msgstr "|NOMBRE|conectar al socket Assuan NOMBRE"
+msgstr "|NAME|conectar al host NAME"
 
-#, fuzzy
-#| msgid "|N|connect to reader at port N"
 msgid "|N|connect to port N"
-msgstr "|N|conectar el lector al puerto N"
+msgstr "|N|conectar al puerto N"
 
-#, fuzzy
-#| msgid "|NAME|use NAME as default recipient"
 msgid "|NAME|use user NAME for authentication"
-msgstr "|NOMBRE|usa NOMBRE como destinatario por defecto"
+msgstr "|NAME|usa NOMBRE como destinatario por defecto"
 
 msgid "|PASS|use password PASS for authentication"
-msgstr ""
+msgstr "|PASS|usar la contraseña PASS para autentificación"
 
 msgid "take password from $DIRMNGR_LDAP_PASS"
-msgstr ""
+msgstr "tomar el password de $DIRMNGR_LDAP_PASS"
 
 msgid "|STRING|query DN STRING"
-msgstr ""
+msgstr "|STRING|preguntar DN STRING"
 
 msgid "|STRING|use STRING as filter expression"
-msgstr ""
+msgstr "|STRING|usar FRASE como expresión de filtro"
 
 msgid "|STRING|return the attribute STRING"
-msgstr ""
+msgstr "|STRING|devuelve el atributo STRING"
 
-#, fuzzy
-#| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-msgstr "Uso: gpg [opciones] [ficheros] (-h para ayuda)"
+msgstr "Uso: dirmngr_ldap [opciones] [URL] (-h para ayuda)\n"
 
 msgid ""
 "Syntax: dirmngr_ldap [options] [URL]\n"
 "Internal LDAP helper for Dirmngr\n"
 "Interface and options may change without notice\n"
 msgstr ""
+"Syntaxis: dirmngr_ldap [opciones] [URL]\n"
+"Ayudante interno de LDAP para Dirmngr\n"
+"La interfaz y las opciones pueden cambiar sin previo aviso\n"
 
-#, fuzzy, c-format
-#| msgid "invalid import options\n"
+#, c-format
 msgid "invalid port number %d\n"
-msgstr "opciones de importación inválidas\n"
+msgstr "número de puerto inválido %d\n"
 
 #, c-format
 msgid "scanning result for attribute '%s'\n"
-msgstr ""
+msgstr "resultado del scanning para el atributo '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
+#, c-format
 msgid "error writing to stdout: %s\n"
-msgstr "error escribiendo en %s: %s\n"
+msgstr "error al escribir a stdout: %s\n"
 
 #, c-format
 msgid "          available attribute '%s'\n"
-msgstr ""
+msgstr "          atributo disponible '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "certificate `%s' not found: %s\n"
+#, c-format
 msgid "attribute '%s' not found\n"
-msgstr "certificado `%s' no encontrado: %s\n"
+msgstr "atributo \"%s\" no encontrado\n"
 
 #, c-format
 msgid "found attribute '%s'\n"
-msgstr ""
+msgstr "atributo \"%s\" encontrado\n"
 
-#, fuzzy, c-format
-#| msgid "reading from `%s'\n"
+#, c-format
 msgid "processing url '%s'\n"
-msgstr "leyendo desde `%s'\n"
+msgstr "procesando url '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "          w/o user IDs: %lu\n"
+#, c-format
 msgid "          user '%s'\n"
-msgstr "          sin identificador: %lu\n"
+msgstr "       usuario '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "                aka \"%s\""
+#, c-format
 msgid "          pass '%s'\n"
-msgstr "                alias \"%s\""
+msgstr "         pasar '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "          w/o user IDs: %lu\n"
+#, c-format
 msgid "          host '%s'\n"
-msgstr "          sin identificador: %lu\n"
+msgstr "          host '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "          not imported: %lu\n"
+#, c-format
 msgid "          port %d\n"
-msgstr "          no importadas: %lu\n"
+msgstr "        puerto %d\n"
 
-#, fuzzy, c-format
-#| msgid "                aka \"%s\""
+#, c-format
 msgid "            DN '%s'\n"
-msgstr "                alias \"%s\""
+msgstr "            DN '%s'\n"
 
 #, c-format
 msgid "        filter '%s'\n"
-msgstr ""
+msgstr "        filtro '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "                aka \"%s\""
+#, c-format
 msgid "          attr '%s'\n"
-msgstr "                alias \"%s\""
+msgstr "           atr '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "%s:%u: no hostname given\n"
+#, c-format
 msgid "no host name in '%s'\n"
-msgstr "%s:%u: falta el nombre del host\n"
+msgstr "no hay hostname en '%s'\n"
 
 #, c-format
 msgid "no attribute given for query '%s'\n"
-msgstr ""
+msgstr "no se ha dado ningún atributo para la consulta '%s'\n"
 
-#, fuzzy
-#| msgid "WARNING: using insecure memory!\n"
 msgid "WARNING: using first attribute only\n"
-msgstr "ATENCIÓN: ¡se está usando memoria insegura!\n"
+msgstr "ATENCIÓN: ¡se está usando sólo el primer atributo!\n"
 
-#, fuzzy, c-format
-#| msgid "renaming `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "LDAP init to '%s:%d' failed: %s\n"
-msgstr "renombrando `%s' en `%s' fallo: %s\n"
+msgstr "Inicialización LDAP a '%s:%d' ha fallado: %s\n"
 
-#, fuzzy, c-format
-#| msgid "renaming `%s' to `%s' failed: %s\n"
+#, c-format
 msgid "binding to '%s:%d' failed: %s\n"
-msgstr "renombrando `%s' en `%s' fallo: %s\n"
+msgstr "ha fallado el binding con '%s:%d': %s\n"
 
-#, fuzzy, c-format
-#| msgid "dearmoring failed: %s\n"
+#, c-format
 msgid "searching '%s' failed: %s\n"
-msgstr "eliminación de armadura fallida: %s\n"
+msgstr "ha fallado la búsqueda '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "`%s' is not a JPEG file\n"
+#, c-format
 msgid "'%s' is not an LDAP URL\n"
-msgstr "`%s' no es un fichero JPEG\n"
+msgstr "'%s' no es una URL LDAP\n"
 
 #, c-format
 msgid "'%s' is an invalid LDAP URL\n"
-msgstr ""
+msgstr "'%s' no es una URL LDAP válida\n"
 
-#, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
+#, c-format
 msgid "error accessing '%s': http status %u\n"
-msgstr "error ejecutando `%s': código de finalización %d\n"
+msgstr "error mientras se accedía '%s': http status %u\n"
 
-#, fuzzy, c-format
-#| msgid "error allocating enough memory: %s\n"
+#, c-format
 msgid "error allocating memory: %s\n"
-msgstr "error reservando memoria: %s\n"
+msgstr "error al reservar memoria: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
+#, c-format
 msgid "error printing log line: %s\n"
-msgstr "error escribiendo en %s: %s\n"
+msgstr "error al escribir la entrada de bitácora: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading from %s: %s\n"
+#, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
-msgstr "error leyendo de %s: %s\n"
+msgstr "error al leer desde el wrapper de ldap %d: %s\n"
 
-#, fuzzy, c-format
-#| msgid "pth_select failed: %s - waiting 1s\n"
+#, c-format
 msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "pth_select falló: %s - espero 1s\n"
+msgstr "ha fallado npth_select: %s - esperando 1s\n"
 
 #, c-format
 msgid "ldap wrapper %d ready"
-msgstr ""
+msgstr "el wrapper %d de ldap está listo"
 
 #, c-format
 msgid "ldap wrapper %d ready: timeout\n"
-msgstr ""
+msgstr "el wrapper %d de ldap está listo: tiempo máximo de espera\n"
 
 #, c-format
 msgid "ldap wrapper %d ready: exitcode=%d\n"
-msgstr ""
+msgstr "ldap wrapper %d listo: exitcode=%d\n"
 
-#, fuzzy, c-format
-#| msgid "waiting for process %d to terminate failed: %s\n"
+#, c-format
 msgid "waiting for ldap wrapper %d failed: %s\n"
-msgstr "fallo esperando que el proceso %d terminara: %s\n"
+msgstr "error al esperar el wrapper %d de ldap: %s\n"
 
 #, c-format
 msgid "ldap wrapper %d stalled - killing\n"
-msgstr ""
+msgstr "el wrapper %d de ldap está parado - matándolo\n"
 
 #, c-format
 msgid "error spawning ldap wrapper reaper thread: %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
+#, c-format
 msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "fallo leyendo clave pública: %s\n"
+msgstr "error al leer desde el wrapper %d de ldap: %s\n"
 
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "sending key %s to %s server %s\n"
+#, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
-msgstr "enviando clave %s a %s servidor %s\n"
+msgstr "añadiendo '%s:%d' a la lista de servidores ldap\n"
 
-#, fuzzy, c-format
-#| msgid "select failed: %s\n"
+#, c-format
 msgid "malloc failed: %s\n"
-msgstr "select fallido: %s\n"
+msgstr "ha fallado malloc: %s\n"
 
 #, c-format
 msgid "start_cert_fetch: invalid pattern '%s'\n"
@@ -8554,76 +8009,64 @@ msgstr ""
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#, fuzzy
-#| msgid "%s: invalid file version %d\n"
 msgid "invalid canonical S-expression found\n"
-msgstr "%s: versión del fichero %d inválida\n"
+msgstr "se encontró S-expression canónica no válida\n"
 
-#, fuzzy, c-format
-#| msgid "iconv_open failed: %s\n"
+#, c-format
 msgid "gcry_md_open failed: %s\n"
-msgstr "iconv_open falló: %s\n"
+msgstr "ha fallado gcry_md_open: %s\n"
 
-#, fuzzy, c-format
-#| msgid "update secret failed: %s\n"
+#, c-format
 msgid "oops: ksba_cert_hash failed: %s\n"
-msgstr "actualización de la clave secreta fallida: %s\n"
+msgstr "oops: ha fallado ksba_cert_hash: %s\n"
 
 msgid "bad URL encoding detected\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "error reading from %s: %s\n"
+#, c-format
 msgid "error reading from responder: %s\n"
-msgstr "error leyendo de %s: %s\n"
+msgstr "error al leer del responder: %s\n"
 
-#, fuzzy, c-format
-#| msgid "Error: Private DO too long (limit is %d characters).\n"
+#, c-format
 msgid "response from server too large; limit is %d bytes\n"
 msgstr ""
-"Error: los datos privados son demasiado largos (límite de %d caracteres).\n"
+"la respuesta del servidor es demasiado larga; el límite son los %d bytes\n"
 
-#, fuzzy
-#| msgid "certificate `%s' not found: %s\n"
+#. For now we do not allow OCSP via Tor due to possible privacy
+#. concerns.  Needs further research.
 msgid "OCSP request not possible due to Tor mode\n"
-msgstr "certificado `%s' no encontrado: %s\n"
+msgstr "las consultas OCSP no son posibles a causa del modo Tor\n"
 
 msgid "OCSP request not possible due to disabled HTTP\n"
-msgstr ""
+msgstr "las consultas OCSP no son posibles porque HTTP está desactivado\n"
 
-#, fuzzy, c-format
-#| msgid "error storing flags: %s\n"
+#, c-format
 msgid "error setting OCSP target: %s\n"
-msgstr "error almacenando parámetros: %s\n"
+msgstr "error al establecer el target OCSP: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error loading `%s': %s\n"
+#, c-format
 msgid "error building OCSP request: %s\n"
-msgstr "error cargando `%s': %s\n"
+msgstr "error mientras se creaba la consulta OCSP: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error writing to `%s': %s\n"
+#, c-format
 msgid "error connecting to '%s': %s\n"
-msgstr "error escribiendo en `%s': %s\n"
+msgstr "error al conectar a '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading from %s: %s\n"
+#, c-format
 msgid "error reading HTTP response for '%s': %s\n"
-msgstr "error leyendo de %s: %s\n"
+msgstr "error al leer la respuesta HTTP para '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "error binding socket to `%s': %s\n"
+#, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
-msgstr "error enlazando el socket con `%s': %s\n"
+msgstr "error al leer la respuesta OCSP para '%s': %s\n"
 
 #, c-format
 msgid "OCSP responder at '%s' status: %s\n"
-msgstr ""
+msgstr "status del OCSP responder en '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "changing permission of  `%s' failed: %s\n"
+#, c-format
 msgid "hashing the OCSP response for '%s' failed: %s\n"
-msgstr "al cambiar permisos de `%s' ocurrió el fallo: %s\n"
+msgstr ""
 
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
@@ -8631,84 +8074,69 @@ msgstr ""
 msgid "only SHA-1 is supported for OCSP responses\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "receiving line failed: %s\n"
+#, c-format
 msgid "allocating list item failed: %s\n"
-msgstr "fallo recibiendo la línea: %s\n"
+msgstr ""
 
-#, fuzzy, c-format
-#| msgid "error getting new PIN: %s\n"
+#, c-format
 msgid "error getting responder ID: %s\n"
-msgstr "error obteniendo nuevo PIN: %s\n"
+msgstr "error intentando obtener identificador de responder: %s\n"
 
-#, fuzzy
-#| msgid "certificate should have not been used for OCSP response signing\n"
 msgid "no suitable certificate found to verify the OCSP response\n"
-msgstr "el certificado no debería haberse usado para firma en respuesta OCSP\n"
+msgstr ""
+"no se ha encontrado un certificado adecuado para verificar la respuesta "
+"OCSP\n"
 
-#, fuzzy, c-format
-#| msgid "issuer certificate not found"
+#, c-format
 msgid "issuer certificate not found: %s\n"
-msgstr "no se encuentra emisor del certificado"
+msgstr "no se encuentra el emisor de este certificado: %s\n"
 
-#, fuzzy
-#| msgid "error reading list of trusted root certificates\n"
 msgid "caller did not return the target certificate\n"
-msgstr "error leyendo la lista de certificados raíz fiables\n"
+msgstr ""
 
-#, fuzzy
-#| msgid "error storing certificate\n"
 msgid "caller did not return the issuing certificate\n"
-msgstr "error almacenando certificado\n"
+msgstr ""
 
-#, fuzzy, c-format
-#| msgid "failed to allocate keyDB handle\n"
+#, c-format
 msgid "failed to allocate OCSP context: %s\n"
-msgstr "fallo al reservar handle de keyDB\n"
+msgstr "fallo al asignar el contexto OCSP: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: can't access: %s\n"
+#, c-format
 msgid "can't get authorityInfoAccess: %s\n"
-msgstr "%s: no se puede abrir: %s\n"
+msgstr ""
 
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#, fuzzy
-#| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
-msgstr "no hay anillo secreto de claves por defecto: %s\n"
+msgstr "no hay ningún firmante OCSP predeterminado definido\n"
 
-#, fuzzy, c-format
-#| msgid "using default PIN as %s\n"
+#, c-format
 msgid "using default OCSP responder '%s'\n"
-msgstr "usando PIN por defecto %s\n"
+msgstr "usar el contestador OCSP predeterminado '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "using cipher %s\n"
+#, c-format
 msgid "using OCSP responder '%s'\n"
-msgstr "usando cifrado %s\n"
+msgstr "usar OCSP responder '%s'\n"
 
 #, c-format
 msgid "failed to establish a hashing context for OCSP: %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "error storing certificate: %s\n"
+#, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
-msgstr "error almacenando certificado: %s\n"
+msgstr "error al obtener status OCSP para certificado de destino: %s\n"
 
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
-msgstr ""
+msgstr "el status del certificado es: %s (esta=%s próxima=%s)\n"
 
 msgid "good"
-msgstr ""
+msgstr "bien"
 
-#, fuzzy, c-format
-#| msgid "certificate has been revoked"
+#, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
-msgstr "el certificado ha sido revocado"
+msgstr "el certificado ha sido revocado el: %s a causa de: %s\n"
 
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
@@ -8720,112 +8148,88 @@ msgid "OCSP responder returned an too old status\n"
 msgstr ""
 
 #, fuzzy, c-format
-#| msgid "sending line failed: %s\n"
 msgid "assuan_inquire(%s) failed: %s\n"
-msgstr "fallo mandando la línea: %s\n"
+msgstr "renombrar '%s' a '%s' falló: %s\n"
 
+#, fuzzy
 msgid "ldapserver missing"
-msgstr ""
+msgstr "falta el parámetro"
 
 msgid "serialno missing in cert ID"
 msgstr ""
 
 #, fuzzy, c-format
-#| msgid "sending line failed: %s\n"
 msgid "assuan_inquire failed: %s\n"
-msgstr "fallo mandando la línea: %s\n"
+msgstr "ha fallado la búsqueda '%s': %s\n"
 
 #, fuzzy, c-format
-#| msgid "select failed: %s\n"
 msgid "fetch_cert_by_url failed: %s\n"
-msgstr "select fallido: %s\n"
+msgstr "ha fallado crl_fetch via DP: %s\n"
 
 #, fuzzy, c-format
-#| msgid "error sending %s command: %s\n"
 msgid "error sending data: %s\n"
-msgstr "error enviando orden %s: %s\n"
+msgstr "clave %s: error enviando al agente: %s\n"
 
 #, fuzzy, c-format
-#| msgid "select failed: %s\n"
 msgid "start_cert_fetch failed: %s\n"
-msgstr "select fallido: %s\n"
+msgstr "ha fallado crl_fetch via DP: %s\n"
 
 #, fuzzy, c-format
-#| msgid "select failed: %s\n"
 msgid "fetch_next_cert failed: %s\n"
-msgstr "select fallido: %s\n"
+msgstr "lectura fallida: %s\n"
 
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
 #, fuzzy, c-format
-#| msgid "cannot allocate outfile string: %s\n"
 msgid "can't allocate control structure: %s\n"
 msgstr "no puedo reservar espacio para la cadena de salida: %s\n"
 
 #, fuzzy, c-format
-#| msgid "failed to create stream from socket: %s\n"
 msgid "failed to allocate assuan context: %s\n"
 msgstr "fallo al crear un flujo desde el socket: %s\n"
 
 #, fuzzy, c-format
-#| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "inicialización de la base de datos de confianza fallida: %s\n"
 
 #, fuzzy, c-format
-#| msgid "failed to store the creation date: %s\n"
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "fallo guardando la fecha de creación: %s\n"
 
 #, fuzzy, c-format
-#| msgid "user '%s' list problem: %s\n"
 msgid "Assuan accept problem: %s\n"
-msgstr "problema lista usuario '%s': %s\n"
+msgstr "problema al renombrar '%s' a '%s': %s\n"
 
-#, fuzzy, c-format
-#| msgid "signing failed: %s\n"
+#, c-format
 msgid "Assuan processing failed: %s\n"
-msgstr "firma fallida: %s\n"
+msgstr "ha fallado el procesado Assuan: %s\n"
 
-#, fuzzy
-#| msgid "issuer certificate is not marked as a CA"
 msgid "accepting root CA not marked as a CA"
-msgstr "el certificado del emisor no está marcado como CA"
+msgstr "aceptando CA raíz que no está marcado como CA"
 
-#, fuzzy
-#| msgid "checking the trustdb\n"
 msgid "CRL checking too deeply nested\n"
-msgstr "comprobando base de datos de confianza\n"
+msgstr "El chequeo CRL tiene demasiados bucles\n"
 
 msgid "not checking CRL for"
-msgstr ""
+msgstr "no se chequeará CRL para"
 
-#, fuzzy
-#| msgid "checking the CRL failed: %s"
 msgid "checking CRL for"
-msgstr "la comprobación de CRL falló: %s"
+msgstr "comprobando CRL para"
 
-#, fuzzy
-#| msgid "self-signed certificate has a BAD signature"
 msgid "selfsigned certificate has a BAD signature"
-msgstr "certificado auto firmado con firma INCORRECTA"
+msgstr "el certificado auto-firmado tiene una firma INCORRECTA"
 
-#, fuzzy, c-format
-#| msgid "checking for qualified certificate failed: %s\n"
+#, c-format
 msgid "checking trustworthiness of root certificate failed: %s\n"
-msgstr "la comprobación de la firma cualificada falló: %s\n"
+msgstr "ha fallado el chequeo de confianza del certificado raíz: %s\n"
 
-#, fuzzy
-#| msgid "certificate is good\n"
 msgid "certificate chain is good\n"
-msgstr "certificado correcto\n"
+msgstr "cadena de certificados es buena\n"
 
-#, fuzzy
-#| msgid "certificate should have not been used for signing\n"
 msgid "certificate should not have been used for CRL signing\n"
-msgstr "el certificado no debería haberse usado para firmar\n"
+msgstr "el certificado no debería haberse usado para firmas CRL\n"
 
 msgid "quiet"
 msgstr "silencioso"
@@ -8836,18 +8240,14 @@ msgstr "escribir datos de salida en hexadecimal"
 msgid "decode received data lines"
 msgstr "decodificar líneas de datos recibidos"
 
-#, fuzzy
-#| msgid "pass a command to the dirmngr"
 msgid "connect to the dirmngr"
-msgstr "pasar una orden a dirmngr"
+msgstr "conecta al dirmngr"
 
 msgid "|NAME|connect to Assuan socket NAME"
-msgstr "|NOMBRE|conectar al socket Assuan NOMBRE"
+msgstr "|NAME|conectar al socket Assuan NOMBRE"
 
-#, fuzzy
-#| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|ADDR|connect to Assuan server at ADDR"
-msgstr "|NOMBRE|conectar al socket Assuan NOMBRE"
+msgstr "|ADDR|conectar al servidor Assuan en ADDR"
 
 msgid "run the Assuan server given on the command line"
 msgstr "ejecutar el servidor Assuan indicando en línea de órdenes"
@@ -8856,25 +8256,19 @@ msgid "do not use extended connect mode"
 msgstr "no usar el modo de conexión extendido"
 
 msgid "|FILE|run commands from FILE on startup"
-msgstr "|FICHERO|ejecuta órdenes de FICHERO al empezar"
+msgstr "|FILE|ejecuta órdenes de FICHERO al empezar"
 
 msgid "run /subst on startup"
 msgstr "ejecutar /subst al empezar"
 
-#, fuzzy
-#| msgid "Usage: gpg-connect-agent [options] (-h for help)"
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
-msgstr "Uso: gpg-connect-agent [opciones] (-h para ayuda)"
+msgstr "Uso: @GPG@-connect-agent [opciones] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg-connect-agent [options]\n"
-#| "Connect to a running agent and send commands\n"
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
-"Sintaxis: gpg-connect-agent [opciones]\n"
+"Sintaxis:  @GPG@-connect-agent [opciones]\n"
 "Conectar a un agente que se está ejecutando y mandar órdenes\n"
 
 #, c-format
@@ -8895,10 +8289,9 @@ msgstr "línea demasiado larga -omitida\n"
 msgid "line shortened due to embedded Nul character\n"
 msgstr "línea acortada por culpa del caracter Nul incluído\n"
 
-#, fuzzy, c-format
-#| msgid "unknown command `%s'\n"
+#, c-format
 msgid "unknown command '%s'\n"
-msgstr "orden desconocida `%s'\n"
+msgstr "orden desconocida '%s'\n"
 
 #, c-format
 msgid "sending line failed: %s\n"
@@ -8942,7 +8335,7 @@ msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|pedir al menos N caracteres no alfabéticos para nuevas contraseñas"
 
 msgid "|FILE|check new passphrases against pattern in FILE"
-msgstr "|FICHERO|comprobar nuevas frases contraseña con el patrón en FICHERO"
+msgstr "|FILE|comprobar nuevas frases contraseña con el patrón en FICHERO"
 
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|frase contraseña caduca tras N días"
@@ -8950,19 +8343,17 @@ msgstr "|N|frase contraseña caduca tras N días"
 msgid "do not allow the reuse of old passphrases"
 msgstr "no permite reusar antiguas frases contraseña"
 
-#, fuzzy
-#| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set the Pinentry timeout to N seconds"
-msgstr "|N|establecer vida máxima del caché de PIN en N segundos"
+msgstr "|N|establecer vida máxima de Pinentry en N segundos"
 
 msgid "|NAME|use NAME as default secret key"
-msgstr "|NOMBRE|usa NOMBRE como clave secreta por defecto"
+msgstr "|NAME|usa NOMBRE como clave secreta por defecto"
 
 msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NOMBRE|cifra para el ususario NOMBRE también"
+msgstr "|NAME|cifra para el ususario NOMBRE también"
 
 msgid "|SPEC|set up email aliases"
-msgstr "|ESPEC|establecer alias de email"
+msgstr "|SPEC|establecer alias de email"
 
 msgid "Configuration for Keyservers"
 msgstr "Configuración para servidores de claves"
@@ -8974,13 +8365,13 @@ msgid "allow PKA lookups (DNS requests)"
 msgstr "permitir búsquedas PKA (peticiones DNS)"
 
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
-msgstr "|MECANISMOS|usa MECANISMOS para encontrar claves por emails"
+msgstr "|MECHANISMS|usa MECANISMOS para encontrar claves por emails"
 
 msgid "disable all access to the dirmngr"
 msgstr "prohibir todo acceso al dirmngr"
 
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
-msgstr "|NOMBRE|usa la codificación NOMBRE para frases contraseña PKCS#12"
+msgstr "|NAME|usa la codificación NOMBRE para frases contraseña PKCS#12"
 
 msgid "do not check CRLs for root certificates"
 msgstr "no comprobar CRLs para certificados raíz"
@@ -8991,10 +8382,8 @@ msgstr "Opciones que controlan el formato de la salida"
 msgid "Options controlling the interactivity and enforcement"
 msgstr "Opciones que controlan la interactividad y obligación"
 
-#, fuzzy
-#| msgid "Options controlling the security"
 msgid "Options controlling the use of Tor"
-msgstr "Opciones que controlan la seguridad"
+msgstr "Opciones que controlan el uso de Tor"
 
 msgid "Configuration for HTTP servers"
 msgstr "Configuración de servidores HTTP"
@@ -9012,21 +8401,19 @@ msgid "Configuration for OCSP"
 msgstr "Configuración de OCSP"
 
 msgid "OpenPGP"
-msgstr ""
+msgstr "OpenPGP"
 
 msgid "Private Keys"
-msgstr ""
+msgstr "Claves privados"
 
 msgid "Smartcards"
 msgstr ""
 
 msgid "S/MIME"
-msgstr ""
+msgstr "S/MIME"
 
-#, fuzzy
-#| msgid "network error"
 msgid "Network"
-msgstr "error de red"
+msgstr "Red"
 
 # ¿Por qué no frase de paso?
 # Porque todo el mundo sabe lo que es una contraseña
@@ -9037,15 +8424,11 @@ msgstr "error de red"
 # ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
 # ¿Es que son más listos? :-)
 #
-#, fuzzy
-#| msgid "Bad Passphrase"
 msgid "Passphrase Entry"
-msgstr "Frase contraseña errónea"
+msgstr "Frase contraseña"
 
-#, fuzzy
-#| msgid "Component not found"
 msgid "Component not suitable for launching"
-msgstr "Componente no encontrado"
+msgstr "Componente no adecuando para lanzamiento"
 
 #, c-format
 msgid "External verification of component %s failed"
@@ -9054,15 +8437,13 @@ msgstr "Verificación externa del componente %s fallida"
 msgid "Note that group specifications are ignored\n"
 msgstr "Note que las especificación de grupo se ignoran\n"
 
-#, fuzzy, c-format
-#| msgid "error closing %s: %s\n"
+#, c-format
 msgid "error closing '%s'\n"
-msgstr "error cerrando %s: %s\n"
+msgstr "error al cerrar '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "error in `%s': %s\n"
+#, c-format
 msgid "error parsing '%s'\n"
-msgstr "error en `%s': %s\n"
+msgstr "error al leer '%s'\n"
 
 msgid "list all components"
 msgstr "listar todos los componentes"
@@ -9071,26 +8452,22 @@ msgid "check all programs"
 msgstr "comprobar todos los programas"
 
 msgid "|COMPONENT|list options"
-msgstr "|COMPONENTE|lista de opciones"
+msgstr "|COMPONENT|lista de opciones"
 
 msgid "|COMPONENT|change options"
-msgstr "|COMPONENTE|cambiar opciones"
+msgstr "|COMPONENT|cambiar opciones"
 
 msgid "|COMPONENT|check options"
-msgstr "|COMPONENTE|comprobar opciones"
+msgstr "|COMPONENT|comprobar opciones"
 
 msgid "apply global default values"
 msgstr "aplicar valores globales por defecto"
 
-#, fuzzy
-#| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
-msgstr "|FICHERO|tomar política de información de FICHERO"
+msgstr "|FILE|actualizar los archivos de configuración usando ARCHIVO"
 
-#, fuzzy
-#| msgid "get the configuration directories for gpgconf"
 msgid "get the configuration directories for @GPGCONF@"
-msgstr "obtener directorios de configuración para gpgconf"
+msgstr "obtener directorios de configuración para @GPGCONF@"
 
 msgid "list global configuration file"
 msgstr "listar fichero de configuración global"
@@ -9098,25 +8475,17 @@ msgstr "listar fichero de configuración global"
 msgid "check global configuration file"
 msgstr "comprobar fichero global de configuración"
 
-#, fuzzy
-#| msgid "update the trust database"
 msgid "query the software version database"
-msgstr "actualiza la base de datos de confianza"
+msgstr ""
 
-#, fuzzy
-#| msgid "list all components"
 msgid "reload all or a given component"
-msgstr "listar todos los componentes"
+msgstr "listar todos los componentes, o uno en particular"
 
-#, fuzzy
-#| msgid "list all components"
 msgid "launch a given component"
-msgstr "listar todos los componentes"
+msgstr "iniciar un componente en particular"
 
-#, fuzzy
-#| msgid "list all components"
 msgid "kill a given component"
-msgstr "listar todos los componentes"
+msgstr "matar un componente particular"
 
 msgid "use as output file"
 msgstr "usa como fichero de salida"
@@ -9124,21 +8493,15 @@ msgstr "usa como fichero de salida"
 msgid "activate changes at runtime, if possible"
 msgstr "activar cambios en tiempo de ejecución, si es posible"
 
-#, fuzzy
-#| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
-msgstr "Uso: gpgconf [opciones] (-h para ayuda)"
+msgstr "Uso: @GPGCONF@ [opciones] (-h para ayuda)"
 
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpgconf [options]\n"
-#| "Manage configuration options for tools of the GnuPG system\n"
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
-"Sintaxis: gpgconf [opciones]\n"
-"Administrar opciones de configuración de las herramientas GnuPG\n"
+"Sintaxis: @GPGCONF@ [opciones]\n"
+"Administra opciones de configuración de las herramientas GnuPG\n"
 
 msgid "Need one component argument"
 msgstr "Necesita un argumento de un componente"
@@ -9200,10 +8563,9 @@ msgstr "%s en %s abortó con estado %i\n"
 msgid "%s on %s failed with status %i\n"
 msgstr "%s en %s falló con estado %i\n"
 
-#, fuzzy, c-format
-#| msgid "can't create temporary directory `%s': %s\n"
+#, c-format
 msgid "can't create temporary directory '%s': %s\n"
-msgstr "no se puede crear el directorio temporal `%s': %s\n"
+msgstr "no se puede crear el directorio temporal '%s': %s\n"
 
 #, c-format
 msgid "could not open %s for writing: %s\n"
@@ -9300,15 +8662,6 @@ msgstr ""
 "Compara frase contraseña dada en entrada estándar con un fichero de "
 "patrones\n"
 
-#~ msgid "What keysize do you want for the Signature key? (%u) "
-#~ msgstr "¿De qué tamaño quiere la clave de Firmado? (%u) "
-
-#~ msgid "What keysize do you want for the Encryption key? (%u) "
-#~ msgstr "¿De qué tamaño quiere la clave de Cifrado? (%u) "
-
-#~ msgid "What keysize do you want for the Authentication key? (%u) "
-#~ msgstr "¿De qué tamaño quiere la clave de Autenticación? (%u) "
-
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() falló: %s\n"
 
@@ -9365,13 +8718,13 @@ msgstr ""
 #, fuzzy
 #~| msgid "new configuration file `%s' created\n"
 #~ msgid "new configuration file '%s' created\n"
-#~ msgstr "creado un nuevo fichero de configuración `%s'\n"
+#~ msgstr "creado un nuevo fichero de configuración '%s'\n"
 
 #, fuzzy
 #~| msgid "WARNING: options in `%s' are not yet active during this run\n"
 #~ msgid "WARNING: options in '%s' are not yet active during this run\n"
 #~ msgstr ""
-#~ "AVISO: las opciones en `%s' no están aún activas en esta ejecución\n"
+#~ "AVISO: las opciones en '%s' no están aún activas en esta ejecución\n"
 
 #, fuzzy
 #~| msgid "Key generation failed: %s\n"
@@ -9473,7 +8826,7 @@ msgstr ""
 #, fuzzy
 #~| msgid "unknown command `%s'\n"
 #~ msgid "unknown TOFU DB format '%s'\n"
-#~ msgstr "orden desconocida `%s'\n"
+#~ msgstr "orden desconocida '%s'\n"
 
 #~ msgid "libgcrypt is too old (need %s, have %s)\n"
 #~ msgstr "libgcrypt demasiado antigua (necesito %s, tengo %s)\n"
@@ -9697,7 +9050,7 @@ msgstr ""
 #~ msgstr "usar una localización estándar para el socket"
 
 #~ msgid "|FILE|write environment settings also to FILE"
-#~ msgstr "|FICHERO|escribir variables de entorno también en FICHERO"
+#~ msgstr "|FILE|escribir variables de entorno también en FICHERO"
 
 #~ msgid "Usage: gpg-agent [options] (-h for help)"
 #~ msgstr "Uso: gpg-agent [opciones] (-h para ayuda)"
@@ -10050,10 +9403,10 @@ msgstr ""
 #~ msgstr "añade este anillo secreto a la lista"
 
 #~ msgid "|NAME|set terminal charset to NAME"
-#~ msgstr "|NOMBRE|usa el juego de caracteres NOMBRE"
+#~ msgstr "|NAME|usa el juego de caracteres NOMBRE"
 
 #~ msgid "|FILE|load extension module FILE"
-#~ msgstr "|FICHERO|carga módulo de extensiones FICHERO"
+#~ msgstr "|FILE|carga módulo de extensiones FICHERO"
 
 #~ msgid "|N|use compress algorithm N"
 #~ msgstr "|N|usa el algoritmo de compresión N"
@@ -10783,7 +10136,7 @@ msgstr ""
 
 #~ msgid "|NAME|use message digest algorithm NAME for passphrases"
 #~ msgstr ""
-#~ "|NOMBRE|usa algoritmo de resumen de mensaje NOMBRE para las contraseñas"
+#~ "|NAME|usa algoritmo de resumen de mensaje NOMBRE para las contraseñas"
 
 #~ msgid "throw keyid field of encrypted packets"
 #~ msgstr "elimina campo keyid de los paquetes cifrados"
-- 
cgit v1.2.3


From c31abf84659dbda5503dd9f3aa3449520bcd1b84 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 13 Apr 2018 10:09:02 +0900
Subject: g10: Push compress filter only if compressed.

* g10/compress.c (handle_compressed): Fix memory leak.

--

All other calls of push_compress_filter checks ALGO,
so, do it here, too.

GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/compress.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/g10/compress.c b/g10/compress.c
index 61bb756f2..67c9c9bd6 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -309,15 +309,18 @@ int
 handle_compressed (ctrl_t ctrl, void *procctx, PKT_compressed *cd,
 		   int (*callback)(IOBUF, void *), void *passthru )
 {
-    compress_filter_context_t *cfx;
     int rc;
 
     if(check_compress_algo(cd->algorithm))
       return GPG_ERR_COMPR_ALGO;
-    cfx = xmalloc_clear (sizeof *cfx);
-    cfx->release = release_context;
-    cfx->algo = cd->algorithm;
-    push_compress_filter(cd->buf,cfx,cd->algorithm);
+    if(cd->algorithm) {
+        compress_filter_context_t *cfx;
+
+        cfx = xmalloc_clear (sizeof *cfx);
+        cfx->release = release_context;
+        cfx->algo = cd->algorithm;
+        push_compress_filter(cd->buf,cfx,cd->algorithm);
+    }
     if( callback )
 	rc = callback(cd->buf, passthru );
     else
-- 
cgit v1.2.3


From f747b8f0734338baa1e608b193b213aca2c577e8 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 13 Apr 2018 16:42:34 +0900
Subject: g10: Fix memory leak in check_sig_and_print.

* g10/mainproc.c (check_sig_and_print): Free the public key.

--

GnuPG-bug-id: 3900
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/mainproc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 49e728656..c7deeab5f 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -2308,6 +2308,7 @@ check_sig_and_print (CTX c, kbnode_t node)
         log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
     }
 
+  free_public_key (pk);
   xfree (issuer_fpr);
   return rc;
 }
-- 
cgit v1.2.3


From 3b1ee413a65bf566aa8e5f29a5a2cd5a94e66faa Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Sun, 15 Apr 2018 21:01:50 +0200
Subject: build: New target "release" to automate the release process.

* Makefile.am (RELEASE_ARCHIVE_DIR): New.
(RELEASE_SIGNING_KEY): New.
(AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
(RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
(release, sign-release): New.
--

This requires GNU make and also some other decent utilities;  however,
they are anyway required for building the W32 installer.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 Makefile.am | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 73 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index c01c0a843..680fe1be1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -18,10 +18,21 @@
 
 ## Process this file with automake to produce Makefile.in
 
+# Location of the released tarball archives.  Note that this is an
+# internal archive and before uploading this to the public server,
+# manual tests should be run and the git release tat set and pushed.
+# Adjust as needed.
+RELEASE_ARCHIVE_DIR  = wk@vigenere:tarballs/gnupg/v2.2
+
+# The key used to sign the released sources.  Adjust as needed.
+RELEASE_SIGNING_KEY  = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+
+
+# Autoconf flags.
 ACLOCAL_AMFLAGS = -I m4
 AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
   --enable-all-tests --enable-symcryptrun --enable-g13 \
-  --enable-gpg2-is-gpg --enable-gpgtar --enable-wks-tools --disable-ntbtls
+  --enable-gpgtar --enable-wks-tools --disable-ntbtls
 
 GITLOG_TO_CHANGELOG=gitlog-to-changelog
 
@@ -151,8 +162,68 @@ TESTS_ENVIRONMENT = \
 	objdir=$(abs_top_builddir) \
 	GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm
 
-.PHONY: check-all
+.PHONY: check-all release sign-release
 check-all:
 	$(TESTS_ENVIRONMENT) \
 	  $(abs_top_builddir)/tests/gpgscm/gpgscm \
 	  $(abs_srcdir)/tests/run-tests.scm $(TESTFLAGS) $(TESTS)
+
+# Names of to help the release target.
+RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION)
+RELEASE_W32_STEM_NAME = $(PACKAGE_TARNAME)-w32-$(PACKAGE_VERSION)
+
+release:
+	+(set -e;\
+	 if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \
+           echo "error: build directory must not be the source directory" >&2;\
+	   exit 2;\
+         fi ;\
+	 echo "/* Build started at $$(date -uIseconds) */" ;\
+	 cd $(top_srcdir); \
+	 ./autogen.sh --force; \
+	 cd $(abs_top_builddir); \
+	 rm -rf dist; mkdir dist ; cd dist ; \
+	 $(abs_top_srcdir)/configure --enable-maintainer-mode; \
+	 $(MAKE) distcheck TESTFLAGS=--parallel; \
+	 $(TAR) xjf $(RELEASE_NAME).tar.bz2 ;\
+	 $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk w32-release ;\
+	 echo "/* Build finished at $$(date -uIseconds) */" ;\
+         echo "/*" ;\
+	 echo " * Please run the final step interactivly:" ;\
+	 echo " *   make sign-release" ;\
+	 echo " */" ;\
+	) 2>&1 | tee "$(RELEASE_NAME).buildlog"
+
+sign-release:
+	 +(set -e; \
+	  cd dist; \
+	  release_w32_name="$(RELEASE_W32_STEM_NAME)_$$(date -u +%Y%m%d)" ;\
+	  files1="$(RELEASE_NAME).tar.bz2 \
+                  $${release_w32_name}.tar.xz \
+                  $${release_w32_name}.exe" ;\
+	  files2="$(RELEASE_NAME).tar.bz2.sig \
+		  $(RELEASE_NAME).swdb \
+		  $(RELEASE_NAME).buildlog \
+		  $${release_w32_name}.tar.xz.sig \
+		  $${release_w32_name}.exe.sig    \
+		  $${release_w32_name}.exe.swdb" ;\
+	  $(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk w32-sign-installer ;\
+	  echo "/* Signing the source tarball ..." ;\
+	  gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\
+	  echo "/* Signing the W32 source tarball ..." ;\
+	  gpg -sbu $(RELEASE_SIGNING_KEY) $${release_w32_name}.tar.xz ;\
+	  echo "/* Signing the W32 installer ..." ;\
+	  gpg -sbu $(RELEASE_SIGNING_KEY) $${release_w32_name}.exe ;\
+	  cat $(RELEASE_NAME).swdb >swdb.snippet;\
+	  echo '#+macro: gnupg22_branch  STABLE-BRANCH-2-2' >>swdb.snippet;\
+	  cat  $${release_w32_name}.exe.swdb >>swdb.snippet;\
+	  echo >>swdb.snippet ;\
+	  sha1sum $${files1} >>swdb.snippet ;\
+          cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
+               | gzip >$(RELEASE_NAME).buildlog ;\
+          echo "Release created - copying it to the local archive ..." ;\
+	  scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\
+	  echo '/*' ;\
+	  echo ' * All done; for checksums see dist/swdb.snippet' ;\
+	  echo ' */' ;\
+         )
-- 
cgit v1.2.3


From e12475429578add12a53fb2232cb45dc9e2aae1b Mon Sep 17 00:00:00 2001
From: emma peel <emma.peel@aktivix.org>
Date: Mon, 16 Apr 2018 12:39:14 -0700
Subject: po: correct label tags in Finnish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 po/fi.po | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/po/fi.po b/po/fi.po
index ee4085990..1e5236eff 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -346,7 +346,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|read options from FILE"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "do not detach from the console"
 msgstr ""
@@ -368,7 +368,7 @@ msgstr "päivitä luottamustietokanta"
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
-msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
+msgstr "|NAME|aseta päätteen merkistöksi NIMI"
 
 msgid "ignore requests to change the TTY"
 msgstr ""
@@ -1914,12 +1914,12 @@ msgstr "salaista avainta \"%s\" ei löydy: %s\n"
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
-msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NAME|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
-msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NAME|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, c-format
 msgid "all values passed to '%s' ignored\n"
@@ -2081,7 +2081,7 @@ msgstr "tuota ascii-koodattu tuloste"
 
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
-msgstr "|NIMI|salaa vastaanottajalle NIMI"
+msgstr "|USER-ID|salaa vastaanottajalle NIMI"
 
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
@@ -2096,7 +2096,7 @@ msgstr "käytä tekstimuotoa"
 
 #, fuzzy
 msgid "|FILE|write output to FILE"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "do not make any changes"
 msgstr "älä tee muutoksia"
@@ -6534,18 +6534,18 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|write a log to FILE"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "|N|connect to reader at port N"
 msgstr ""
 
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
-msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+msgstr "|NAME|käytä NIMI oletusvastaanottajana"
 
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
-msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+msgstr "|NAME|käytä NIMI oletusvastaanottajana"
 
 #, fuzzy
 msgid "do not use the internal CCID driver"
@@ -7121,7 +7121,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "batch mode: never ask"
 msgstr "eräajo: älä kysy mitään"
@@ -7138,17 +7138,17 @@ msgstr "lisää tämä avainrengas avainrenkaiden luetteloon"
 
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
-msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|USER-ID|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, fuzzy
 msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|PALVELIN|käytä tätä palvelinta avainten etsimiseen"
+msgstr "|SPEC|käytä tätä palvelinta avainten etsimiseen"
 
 msgid "|NAME|use cipher algorithm NAME"
-msgstr "|NIMI|käytä salausalgoritmia NIMI"
+msgstr "|NAME|käytä salausalgoritmia NIMI"
 
 msgid "|NAME|use message digest algorithm NAME"
-msgstr "|NIMI|käytä viestintiivistealgoritmia NIMI"
+msgstr "|NAME|käytä viestintiivistealgoritmia NIMI"
 
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
@@ -7964,7 +7964,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
@@ -8017,7 +8017,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
@@ -8133,7 +8133,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|connect to host NAME"
-msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
+msgstr "|NAME|aseta päätteen merkistöksi NIMI"
 
 msgid "|N|connect to port N"
 msgstr ""
@@ -8141,7 +8141,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
 msgid "|NAME|use user NAME for authentication"
-msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+msgstr "|NAME|käytä NIMI oletusvastaanottajana"
 
 msgid "|PASS|use password PASS for authentication"
 msgstr ""
@@ -8589,7 +8589,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
-msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "run /subst on startup"
 msgstr ""
@@ -8682,11 +8682,11 @@ msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
 msgid "|NAME|use NAME as default secret key"
-msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NAME|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NIMI|salaa vastaanottajalle NIMI"
+msgstr "|NAME|salaa vastaanottajalle NIMI"
 
 msgid "|SPEC|set up email aliases"
 msgstr ""
@@ -8709,7 +8709,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
-msgstr "|NIMI|käytä salasanoihin salausalgoritmia NIMI"
+msgstr "|NAME|käytä salasanoihin salausalgoritmia NIMI"
 
 msgid "do not check CRLs for root certificates"
 msgstr ""
@@ -9649,7 +9649,7 @@ msgstr ""
 #~ msgstr "lisää tämä salainen avainrengas luetteloon"
 
 #~ msgid "|FILE|load extension module FILE"
-#~ msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+#~ msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
 
 #~ msgid "|N|use compress algorithm N"
 #~ msgstr "|N|käytä pakkausalgoritmia N"
@@ -10664,7 +10664,7 @@ msgstr ""
 #~ "aseta kaikki paketti-, salain- ja tiivistevaihtoehdot PGP 2.x -muotoon"
 
 #~ msgid "|NAME|use message digest algorithm NAME for passphrases"
-#~ msgstr "|NIMI|käytä salasanoihin viestintiivistealgoritmia NIMI"
+#~ msgstr "|NAME|käytä salasanoihin viestintiivistealgoritmia NIMI"
 
 #~ msgid "throw keyid field of encrypted packets"
 #~ msgstr "jätä avaintunnistekenttä pois salatuista paketeista"
-- 
cgit v1.2.3


From a5290dace7f85d66272af3e14f9f2bc43d2a4af8 Mon Sep 17 00:00:00 2001
From: emma peel <emma.peel@aktivix.org>
Date: Mon, 16 Apr 2018 12:42:21 -0700
Subject: po: correct label tags in Polish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 po/pl.po | 68 ++++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/po/pl.po b/po/pl.po
index 3079b318e..d0e5cbf30 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -357,7 +357,7 @@ msgid "csh-style command output"
 msgstr "wyjście poleceń w stylu csh"
 
 msgid "|FILE|read options from FILE"
-msgstr "|PLIK|odczyt opcji z PLIKU"
+msgstr "|FILE|odczyt opcji z PLIKU"
 
 msgid "do not detach from the console"
 msgstr "nie odczepianie od konsoli"
@@ -377,7 +377,7 @@ msgstr "nie używanie SCdaemona"
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|accept some commands via NAME"
-msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAME|połączenie z gniazdem Assuan o tej nazwie"
 
 msgid "ignore requests to change the TTY"
 msgstr "ignorowanie żądań zmiany TTY"
@@ -1926,12 +1926,12 @@ msgstr "klucz prywatny ,,%s'' nie został odnaleziony: %s\n"
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
-msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
+msgstr "|NAME|użycie NAZWY jako domyślnego klucza tajnego"
 
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
-msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
+msgstr "|NAME|użycie NAZWY jako domyślnego klucza tajnego"
 
 #, c-format
 msgid "all values passed to '%s' ignored\n"
@@ -2101,7 +2101,7 @@ msgid "use canonical text mode"
 msgstr "kanoniczny format tekstowy"
 
 msgid "|FILE|write output to FILE"
-msgstr "|PLIK|zapis wyjścia do PLIKU"
+msgstr "|FILE|zapis wyjścia do PLIKU"
 
 msgid "do not make any changes"
 msgstr "pozostawienie bez zmian"
@@ -2632,7 +2632,7 @@ msgid "the given preferred keyserver URL is invalid\n"
 msgstr "podany preferowany URL serwera kluczy jest niepoprawny\n"
 
 msgid "|FILE|take the keys from the keyring FILE"
-msgstr "|PLIK|pobieranie kluczy ze zbioru PLIK"
+msgstr "|FILE|pobieranie kluczy ze zbioru PLIK"
 
 msgid "make timestamp conflicts only a warning"
 msgstr "nie traktować konfliktu datowników jako błędu"
@@ -6659,19 +6659,19 @@ msgid "run in multi server mode (foreground)"
 msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
 
 msgid "|LEVEL|set the debugging level to LEVEL"
-msgstr "|POZIOM|ustawienie POZIOMU diagnostyki"
+msgstr "|LEVEL|ustawienie POZIOMU diagnostyki"
 
 msgid "|FILE|write a log to FILE"
-msgstr "|PLIK|zapisanie logów do PLIKu"
+msgstr "|FILE|zapisanie logów do PLIKu"
 
 msgid "|N|connect to reader at port N"
 msgstr "|N|połączenie z czytnikiem na porcie N"
 
 msgid "|NAME|use NAME as ct-API driver"
-msgstr "|NAZWA|użycie NAZWY jako sterownika ct-API"
+msgstr "|NAME|użycie NAZWY jako sterownika ct-API"
 
 msgid "|NAME|use NAME as PC/SC driver"
-msgstr "|NAZWA|użycie NAZWY jako sterownika PC/SC"
+msgstr "|NAME|użycie NAZWY jako sterownika PC/SC"
 
 msgid "do not use the internal CCID driver"
 msgstr "nie używanie wewnętrznego sterownika CCID"
@@ -7235,7 +7235,7 @@ msgid "|N|number of certificates to include"
 msgstr "|N|liczba certyfikatów do dołączenia"
 
 msgid "|FILE|take policy information from FILE"
-msgstr "|PLIK|pobranie informacji o polityce z PLIKU"
+msgstr "|FILE|pobranie informacji o polityce z PLIKU"
 
 msgid "do not check certificate policies"
 msgstr "nie sprawdzanie polityk certyfikatów"
@@ -7247,10 +7247,10 @@ msgid "don't use the terminal at all"
 msgstr "nie używanie w ogóle terminala"
 
 msgid "|FILE|write a server mode log to FILE"
-msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
+msgstr "|FILE|zapisanie logów trybu serwerowego do PLIKU"
 
 msgid "|FILE|write an audit log to FILE"
-msgstr "|PLIK|zapisanie logów audytowych do PLIKU"
+msgstr "|FILE|zapisanie logów audytowych do PLIKU"
 
 msgid "batch mode: never ask"
 msgstr "tryb wsadowy: bez żadnych pytań"
@@ -7262,19 +7262,19 @@ msgid "assume no on most questions"
 msgstr "przyjęcie odpowiedzi ,,nie'' na większość pytań"
 
 msgid "|FILE|add keyring to the list of keyrings"
-msgstr "|PLIK|dodanie tego zbioru kluczy do listy zbiorów kluczy"
+msgstr "|FILE|dodanie tego zbioru kluczy do listy zbiorów kluczy"
 
 msgid "|USER-ID|use USER-ID as default secret key"
-msgstr "|UŻYTKOWNIK|użycie tego identyfikatora jako domyślnego klucza tajnego"
+msgstr "|USER-ID|użycie tego identyfikatora jako domyślnego klucza tajnego"
 
 msgid "|SPEC|use this keyserver to lookup keys"
 msgstr "|SPEC|użycie tego serwera do wyszukiwania kluczy"
 
 msgid "|NAME|use cipher algorithm NAME"
-msgstr "|NAZWA|użycie tego algorytmu szyfrowania NAZWA"
+msgstr "|NAME|użycie tego algorytmu szyfrowania NAZWA"
 
 msgid "|NAME|use message digest algorithm NAME"
-msgstr "|NAZWA|użycie tego algorytmu skrótu wiadomości"
+msgstr "|NAME|użycie tego algorytmu skrótu wiadomości"
 
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
@@ -8187,7 +8187,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|FILE|run commands from FILE on startup"
 msgid "|FILE|load CRL from FILE into cache"
-msgstr "|PLIK|uruchomienie poleceń z PLIKU przy starcie"
+msgstr "|FILE|uruchomienie poleceń z PLIKU przy starcie"
 
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
@@ -8201,7 +8201,7 @@ msgid "flush the cache"
 msgstr ""
 
 msgid "|FILE|write server mode logs to FILE"
-msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKu"
+msgstr "|FILE|zapisanie logów trybu serwerowego do PLIKu"
 
 #, fuzzy
 #| msgid "Quit without saving? (y/N) "
@@ -8246,7 +8246,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|FILE|read options from FILE"
 msgid "|FILE|read LDAP server list from FILE"
-msgstr "|PLIK|odczyt opcji z PLIKU"
+msgstr "|FILE|odczyt opcji z PLIKU"
 
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
@@ -8380,7 +8380,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|connect to host NAME"
-msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAME|połączenie z gniazdem Assuan o tej nazwie"
 
 #, fuzzy
 #| msgid "|N|connect to reader at port N"
@@ -8882,12 +8882,12 @@ msgid "connect to the dirmngr"
 msgstr "przekazanie polecenia do dirmngr"
 
 msgid "|NAME|connect to Assuan socket NAME"
-msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAME|połączenie z gniazdem Assuan o tej nazwie"
 
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|ADDR|connect to Assuan server at ADDR"
-msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|ADDR|połączenie z gniazdem Assuan o tej nazwie"
 
 msgid "run the Assuan server given on the command line"
 msgstr "uruchomienie serwera Assuan podanego z linii poleceń"
@@ -8896,7 +8896,7 @@ msgid "do not use extended connect mode"
 msgstr "nie używanie rozszerzonego trybu połączenia"
 
 msgid "|FILE|run commands from FILE on startup"
-msgstr "|PLIK|uruchomienie poleceń z PLIKU przy starcie"
+msgstr "|FILE|uruchomienie poleceń z PLIKU przy starcie"
 
 msgid "run /subst on startup"
 msgstr "uruchomienie /subst przy starcie"
@@ -8983,7 +8983,7 @@ msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|wymaganie przynajmniej N znaków niealfanumerycznych w nowym haśle"
 
 msgid "|FILE|check new passphrases against pattern in FILE"
-msgstr "|PLIK|sprawdzanie nowych haseł pod kątem wzorców z PLIKU"
+msgstr "|FILE|sprawdzanie nowych haseł pod kątem wzorców z PLIKU"
 
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|przedawnianie haseł po N dniach"
@@ -8998,10 +8998,10 @@ msgstr ""
 "|N|ustawienie maksymalnego czasu życia pamięci podręcznej PIN-ów na N sekund"
 
 msgid "|NAME|use NAME as default secret key"
-msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
+msgstr "|NAME|użycie NAZWY jako domyślnego klucza tajnego"
 
 msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NAZWA|szyfrowanie także dla odbiorcy NAZWA"
+msgstr "|NAME|szyfrowanie także dla odbiorcy NAZWA"
 
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|określ adres email"
@@ -9017,14 +9017,14 @@ msgstr "zezwolenie na wyszukiwania PKA (żądania DNS)"
 
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
-"|MECHANIZMY|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
+"|MECHANISMS|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
 "adresów e-mail"
 
 msgid "disable all access to the dirmngr"
 msgstr "zablokuj dostęp do dirmngr"
 
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
-msgstr "|NAZWA|użycie kodowania NAZWA dla haseł PKCS#12"
+msgstr "|NAME|użycie kodowania NAZWA dla haseł PKCS#12"
 
 msgid "do not check CRLs for root certificates"
 msgstr "nie sprawdzanie CRL dla głównych certyfikatów"
@@ -9104,13 +9104,13 @@ msgid "check all programs"
 msgstr "sprawdzenie wszystkich programów"
 
 msgid "|COMPONENT|list options"
-msgstr "|KOMPONENT|wypisanie opcji"
+msgstr "|COMPONENT|wypisanie opcji"
 
 msgid "|COMPONENT|change options"
-msgstr "|KOMPONENT|zmiana opcji"
+msgstr "|COMPONENT|zmiana opcji"
 
 msgid "|COMPONENT|check options"
-msgstr "|KOMPONENT|zaznaczenie opcji"
+msgstr "|COMPONENT|zaznaczenie opcji"
 
 msgid "apply global default values"
 msgstr "zastosowanie globalnych wartości domyślnych"
@@ -9118,7 +9118,7 @@ msgstr "zastosowanie globalnych wartości domyślnych"
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
-msgstr "|PLIK|pobranie informacji o polityce z PLIKU"
+msgstr "|FILE|pobranie informacji o polityce z PLIKU"
 
 #, fuzzy
 #| msgid "get the configuration directories for gpgconf"
@@ -9696,7 +9696,7 @@ msgstr ""
 #~ msgstr "użycie standardowego położenia gniazda"
 
 #~ msgid "|FILE|write environment settings also to FILE"
-#~ msgstr "|PLIK|zapis ustawień środowiska także do PLIKU"
+#~ msgstr "|FILE|zapis ustawień środowiska także do PLIKU"
 
 #~ msgid "Usage: gpg-agent [options] (-h for help)"
 #~ msgstr "Wywołanie: gpg-agent [opcje] (-h podaje pomoc)"
-- 
cgit v1.2.3


From 21b2e88a7e6c3d7313773c9ffb3e0d1fb2af45df Mon Sep 17 00:00:00 2001
From: emma peel <emma.peel@aktivix.org>
Date: Mon, 16 Apr 2018 12:47:14 -0700
Subject: po: correct attribution for Spanish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 po/es.po | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/po/es.po b/po/es.po
index e889e60f8..167698302 100644
--- a/po/es.po
+++ b/po/es.po
@@ -4,13 +4,12 @@
 #  I've tried to mantain the terminology used by Armando Ramos
 #  <armando@clerval.org> in his PGP 2.3.6i translation.
 #  I also got inspiration from it.po by Marco d'Itri <md@linux.it>
-#  Jaime Suárez <jaime.suma@gmail.com> 2017
-#
+# Jaime Suárez <jaime.suma@gmail.com> 2017
 msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.0.9\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-11-02 17:39+0100\n"
+"PO-Revision-Date: 2018-04-16 14:06+0000\n"
 "Last-Translator: emma peel <emma.peel@riseup.net>\n"
 "Language-Team: Spanish <es@li.org>\n"
 "Language: es\n"
-- 
cgit v1.2.3


From acd6d5ff7436bb7fba171ced3294046a14fb777d Mon Sep 17 00:00:00 2001
From: emma peel <emma.peel@aktivix.org>
Date: Mon, 16 Apr 2018 12:58:31 -0700
Subject: po: more updates to Spanish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 po/es.po | 215 +++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 105 insertions(+), 110 deletions(-)

diff --git a/po/es.po b/po/es.po
index 167698302..3fdaac455 100644
--- a/po/es.po
+++ b/po/es.po
@@ -252,7 +252,7 @@ msgstr "Por favor introduzca el PIN%s%s%s para desbloquear la tarjeta"
 
 #, c-format
 msgid "error creating temporary file: %s\n"
-msgstr "error creando fichero temporal: %s\n"
+msgstr "error al crear fichero temporal: %s\n"
 
 #, c-format
 msgid "error writing to temporary file: %s\n"
@@ -483,7 +483,7 @@ msgstr "no puede usar '%s' como directorio personal\n"
 
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
-msgstr "error leyendo valor único en el descriptor %d: %s\n"
+msgstr "error al leer valor único en el descriptor %d: %s\n"
 
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
@@ -608,10 +608,10 @@ msgstr "opción de clave inválida en '%s', línea %d\n"
 
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
-msgstr "error leyendo '%s', línea %d: %s\n"
+msgstr "error al leer '%s', línea %d: %s\n"
 
 msgid "error reading list of trusted root certificates\n"
-msgstr "error leyendo la lista de certificados raíz fiables\n"
+msgstr "error al leer la lista de certificados raíz fiables\n"
 
 #. TRANSLATORS: This prompt is shown by the Pinentry
 #. and has one special property: A "%%0A" is used by
@@ -736,11 +736,11 @@ msgstr "el algoritmo de protección de hash %d (%s) no se puede usar\n"
 
 #, c-format
 msgid "error creating a pipe: %s\n"
-msgstr "error creando tubería: %s\n"
+msgstr "error al crear tubería: %s\n"
 
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
-msgstr "error creando stream para una tubería: %s\n"
+msgstr "error al crear stream para una tubería: %s\n"
 
 #, c-format
 msgid "error forking process: %s\n"
@@ -1550,7 +1550,7 @@ msgstr "clave \"%s\" no encontrada: %s\n"
 
 #, c-format
 msgid "error reading keyblock: %s\n"
-msgstr "error leyendo bloque de claves: %s\n"
+msgstr "error al leer bloque de claves: %s\n"
 
 #, c-format
 msgid "key \"%s\" not found\n"
@@ -1594,7 +1594,7 @@ msgstr "use antes la opción \"--delete-secret-key\" para borrarla.\n"
 
 #, c-format
 msgid "error creating passphrase: %s\n"
-msgstr "error creando frase contraseña: %s\n"
+msgstr "error al crear frase contraseña: %s\n"
 
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "no puede usar un paquete simétrico ESK debido al modo S2K\n"
@@ -2395,7 +2395,7 @@ msgstr "algoritmo de distribución inválido '%s'\n"
 
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
-msgstr "error leyendo la especificación de clave '%s': %s\n"
+msgstr "error al leer la especificación de clave '%s': %s\n"
 
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
@@ -3260,7 +3260,7 @@ msgstr "No se puede abrir '%s': %s\n"
 
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
-msgstr "Error leyendo clave de respaldo desde '%s': %s\n"
+msgstr "Error al leer clave de respaldo desde '%s': %s\n"
 
 msgid "You must select at least one key.\n"
 msgstr "Debe seleccionar por lo menos una clave.\n"
@@ -4051,14 +4051,14 @@ msgstr ""
 "\n"
 
 msgid "Continue? (Y/n) "
-msgstr "¿Continuar? (s/N) "
+msgstr "¿Continuar? (S/n) "
 
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Ya existe una clave para \"%s\"\n"
 
 msgid "Create anyway? (y/N) "
-msgstr "¿Crear de todas formas?(y/N) "
+msgstr "¿Crear de todas formas?(s/N) "
 
 msgid "creating anyway\n"
 msgstr "creando de todas formas\n"
@@ -4088,7 +4088,7 @@ msgstr "anillo público de claves no escribible encontrado: %s\n"
 
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
-msgstr "error escribiendo anillo público '%s': %s\n"
+msgstr "error al escribir en el anillo público '%s': %s\n"
 
 msgid "public and secret key created and signed.\n"
 msgstr "claves pública y secreta creadas y firmadas.\n"
@@ -4584,7 +4584,7 @@ msgstr ""
 
 #, c-format
 msgid "unknown weak digest '%s'\n"
-msgstr "algritmo débil de resumen desconocido '%s'\n"
+msgstr "algoritmo débil de resumen desconocido '%s'\n"
 
 #. Do not overwrite.
 #, c-format
@@ -5409,7 +5409,7 @@ msgstr "%s: error actualizando el registro de versión: %s\n"
 
 #, c-format
 msgid "%s: error reading version record: %s\n"
-msgstr "%s: error leyendo registro de versión: %s\n"
+msgstr "%s: error al leer registro de versión: %s\n"
 
 #, c-format
 msgid "%s: error writing version record: %s\n"
@@ -5437,7 +5437,7 @@ msgstr "%s: versión del fichero %d inválida\n"
 
 #, c-format
 msgid "%s: error reading free record: %s\n"
-msgstr "%s: error leyendo registro libre: %s\n"
+msgstr "%s: error al leer registro libre: %s\n"
 
 #, c-format
 msgid "%s: error writing dir record: %s\n"
@@ -5600,6 +5600,7 @@ msgid_plural "Encrypted %d messages in the future."
 msgstr[0] "Cifrado %d mensaje en el futuro."
 msgstr[1] "Cifrados %d mensajes en el futuro."
 
+# this string and the following ones are not easy to translate to spanish. is the string of the answer always meaning plural thins, or it can say 1week apart of 7weeks? if so, we in Spanish need to change the translation of 'last'...
 #, c-format
 msgid "Messages verified over the past %d day: %d."
 msgid_plural "Messages verified over the past %d days: %d."
@@ -6073,7 +6074,7 @@ msgstr "la respuesta no incluye la clave pública\n"
 
 #, c-format
 msgid "reading public key failed: %s\n"
-msgstr "fallo leyendo clave pública: %s\n"
+msgstr "fallo al leer clave pública: %s\n"
 
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
@@ -6165,10 +6166,10 @@ msgid "||Please enter the PIN and New PIN"
 msgstr "||Por favor introduzca el PIN y el Nuevo PIN"
 
 msgid "error reading application data\n"
-msgstr "error leyendo datos de la aplicación\n"
+msgstr "error al leer datos de la aplicación\n"
 
 msgid "error reading fingerprint DO\n"
-msgstr "error leyendo huella digital DO\n"
+msgstr "error al leer huella digital DO\n"
 
 msgid "key already exists\n"
 msgstr "la clave ya existe\n"
@@ -6634,7 +6635,7 @@ msgstr "   (%d) Clave existente de la tarjeta\n"
 
 #, c-format
 msgid "error reading the card: %s\n"
-msgstr "error leyendo la tarjeta: %s\n"
+msgstr "error al leer la tarjeta: %s\n"
 
 #, c-format
 msgid "Serial number of the card: %s\n"
@@ -6911,7 +6912,7 @@ msgstr "error importando el certificado: %s\n"
 
 #, c-format
 msgid "error reading input: %s\n"
-msgstr "error leyendo entrada: %s\n"
+msgstr "error al leer la entrada: %s\n"
 
 msgid "failed to get the fingerprint\n"
 msgstr "fallo obteniendo huella digital\n"
@@ -7131,7 +7132,7 @@ msgstr "error al leer directorio '%s': %s\n"
 
 #, c-format
 msgid "removing cache file '%s'\n"
-msgstr "removiendo archivo de almacenamiento '%s'\n"
+msgstr "removiendo archivo de cache '%s'\n"
 
 #, c-format
 msgid "not removing file '%s'\n"
@@ -7139,41 +7140,41 @@ msgstr "no se remueve el archivo '%s'\n"
 
 #, c-format
 msgid "error closing cache file: %s\n"
-msgstr "error cerrando archivo de almacenamiento: %s\n"
+msgstr "error cerrando archivo de cache: %s\n"
 
 #, c-format
 msgid "failed to open cache dir file '%s': %s\n"
-msgstr "fallo al abrir archivo de directorio de almacenamiento '%s': %s\n"
+msgstr "fallo al abrir archivo de directorio de cache '%s': %s\n"
 
 #, c-format
 msgid "error creating new cache dir file '%s': %s\n"
-msgstr "error al crear nuevo archivo de almacenamiento '%s': %s\n"
+msgstr "error al crear nuevo archivo de cache '%s': %s\n"
 
 #, c-format
 msgid "error writing new cache dir file '%s': %s\n"
-msgstr "error al escribir nuevo archivo de almacenamiento '%s': %s\n"
+msgstr "error al escribir nuevo archivo de cache '%s': %s\n"
 
 #, c-format
 msgid "error closing new cache dir file '%s': %s\n"
-msgstr "error al cerrar nuevo archivo de almacenamiento '%s': %s\n"
+msgstr "error al cerrar nuevo archivo de cache '%s': %s\n"
 
 #, c-format
 msgid "new cache dir file '%s' created\n"
-msgstr "creado nuevo archivo de almacenamiento '%s'\n"
+msgstr "creado nuevo archivo de cache '%s'\n"
 
 #, c-format
 msgid "failed to re-open cache dir file '%s': %s\n"
-msgstr "no se puede reabrir el archivo de almacenamiento '%s': %s\n"
+msgstr "no se puede reabrir el archivo de cache '%s': %s\n"
 
 #, c-format
 msgid "first record of '%s' is not the version\n"
 msgstr "la primera entrada de '%s' no es la versión\n"
 
 msgid "old version of cache directory - cleaning up\n"
-msgstr "versión antigua del directorio de almacenamiento - limpiando\n"
+msgstr "versión antigua del directorio de cache - limpiando\n"
 
 msgid "old version of cache directory - giving up\n"
-msgstr "versión antigua del directorio de almacenamiento - me rindo\n"
+msgstr "versión antigua del directorio de cache - me rindo\n"
 
 #, c-format
 msgid "extra field detected in crl record of '%s' line %u\n"
@@ -7207,18 +7208,17 @@ msgstr "fecha no válida en '%s', línea %u\n"
 
 #, c-format
 msgid "WARNING: invalid cache file hash in '%s' line %u\n"
-msgstr ""
-"ADVERTENCIA: hash de archivo de almacenamiento no válida en '%s', línea %u\n"
+msgstr "ADVERTENCIA: hash de archivo de cache no válido en '%s', línea %u\n"
 
 msgid "detected errors in cache dir file\n"
-msgstr "errores detectados en el archivo de almacenamiento\n"
+msgstr "errores detectados en el archivo de cache\n"
 
 msgid "please check the reason and manually delete that file\n"
 msgstr "chequea el problema y borra este archivo manualmente\n"
 
 #, c-format
 msgid "failed to create temporary cache dir file '%s': %s\n"
-msgstr "no se puede crear el fichero de almacenamiento temporal '%s': %s\n"
+msgstr "no se puede crear el fichero de cache '%s': %s\n"
 
 #, c-format
 msgid "error closing '%s': %s\n"
@@ -7245,21 +7245,19 @@ msgid "invalid formatted checksum for '%s'\n"
 msgstr "formato inválido de huella digital para '%s'\n"
 
 msgid "too many open cache files; can't open anymore\n"
-msgstr ""
-"demasiados archivos de almacenamiento abiertos; ya no puedo abrir más\n"
+msgstr "demasiados archivos de cache abiertos; ya no puedo abrir más\n"
 
 #, c-format
 msgid "opening cache file '%s'\n"
-msgstr "abriendo archivo de almacenamiento '%s'\n"
+msgstr "abriendo archivo de cache '%s'\n"
 
 #, c-format
 msgid "error opening cache file '%s': %s\n"
-msgstr "error al abrir archivo de almacenamiento '%s': %s\n"
+msgstr "error al abrir archivo de cache '%s': %s\n"
 
 #, c-format
 msgid "error initializing cache file '%s' for reading: %s\n"
-msgstr ""
-"error al inicializar el archivo de almacenamiento '%s' para lectura: %s\n"
+msgstr "error al inicializar el archivo de cache '%s' para lectura: %s\n"
 
 msgid "calling unlock_db_file on a closed file\n"
 msgstr "llamando unlock_db_file para un archivo cerrado\n"
@@ -7269,7 +7267,7 @@ msgstr "llamando unlock_db_file para un archivo ya desbloqueado\n"
 
 #, c-format
 msgid "failed to create a new cache object: %s\n"
-msgstr "fallo al crear un nuevo objecto de almacenamiento: %s\n"
+msgstr "fallo al crear un nuevo objecto de cache: %s\n"
 
 #, c-format
 msgid "no CRL available for issuer id %s\n"
@@ -7308,11 +7306,11 @@ msgstr ""
 "toqueteado; necesitamos actualizar\n"
 
 msgid "WARNING: invalid cache record length for S/N "
-msgstr "ATENCIÓN: largo de entrada de almacenamiento no válido para S/N"
+msgstr "ATENCIÓN: largo de entrada de cache no válido para S/N "
 
 #, c-format
 msgid "problem reading cache record for S/N %s: %s\n"
-msgstr "problemas leyendo la entrada de cache para S/N %s: %s\n"
+msgstr "problemas al leer la entrada de cache para S/N %s: %s\n"
 
 #, c-format
 msgid "S/N %s is not valid; reason=%02X  date=%.15s\n"
@@ -7324,7 +7322,7 @@ msgstr "S/N %s es válido, no está listado en el CRL\n"
 
 #, c-format
 msgid "error getting data from cache file: %s\n"
-msgstr "error al obtener datos del archivo de almacenamiento: %s\n"
+msgstr "error al obtener datos del archivo de cache: %s\n"
 
 #, c-format
 msgid "unknown hash algorithm '%s'\n"
@@ -7393,17 +7391,15 @@ msgstr "ha fallado ksba_crl_set_reader: %s\n"
 
 #, c-format
 msgid "removed stale temporary cache file '%s'\n"
-msgstr "se ha removido el fichero temporal de almacenamiento en desuso '%s'\n"
+msgstr "se ha removido el fichero temporal de cache en desuso '%s'\n"
 
 #, c-format
 msgid "problem removing stale temporary cache file '%s': %s\n"
-msgstr ""
-"problema al remover el fichero temporal de almacenamiento en desuso '%s': "
-"%s\n"
+msgstr "problema al remover el fichero temporal de cache en desuso '%s': %s\n"
 
 #, c-format
 msgid "error creating temporary cache file '%s': %s\n"
-msgstr "error al crear fichero temporal de almacenamiento '%s': %s\n"
+msgstr "error al crear fichero temporal de cache '%s': %s\n"
 
 #, c-format
 msgid "crl_parse_insert failed: %s\n"
@@ -7411,11 +7407,11 @@ msgstr "ha fallado crl_parse_insert: %s\n"
 
 #, c-format
 msgid "error finishing temporary cache file '%s': %s\n"
-msgstr "error al finalizar fichero temporal de almacenamiento '%s': %s\n"
+msgstr "error al finalizar fichero temporal de cache '%s': %s\n"
 
 #, c-format
 msgid "error closing temporary cache file '%s': %s\n"
-msgstr "error al cerrar fichero temporal de almacenamiento '%s': %s\n"
+msgstr "error al cerrar fichero temporal de cache '%s': %s\n"
 
 #, c-format
 msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n"
@@ -7437,7 +7433,7 @@ msgstr "error al leer las extensiones CRL: %s\n"
 
 #, c-format
 msgid "creating cache file '%s'\n"
-msgstr "creando fichero de almacenamiento '%s'\n"
+msgstr "creando fichero de cache '%s'\n"
 
 #, c-format
 msgid "problem renaming '%s' to '%s': %s\n"
@@ -7447,8 +7443,8 @@ msgid ""
 "updating the DIR file failed - cache entry will get lost with the next "
 "program start\n"
 msgstr ""
-"ha fallado la actualización del archivo DIR - la entrada del almacenamiento "
-"local se perderá al reiniciar el programa\n"
+"ha fallado la actualización del archivo DIR - la entrada de cache se perderá "
+"al reiniciar el programa\n"
 
 #, c-format
 msgid "Begin CRL dump (retrieved via %s)\n"
@@ -7476,19 +7472,19 @@ msgstr ""
 " ERROR: ¡Puede que alguien haya manipulado este CRL almacenado en local!\n"
 
 msgid " WARNING: invalid cache record length\n"
-msgstr " ATENCIÓN: largo de entrada de almacenamiento no válido\n"
+msgstr " ATENCIÓN: el tamaño de la entrada de cache no es correcto\n"
 
 #, c-format
 msgid "problem reading cache record: %s\n"
-msgstr "error al leer entrada de almacenamiento: %s\n"
+msgstr "error al leer entrada de cache: %s\n"
 
 #, c-format
 msgid "problem reading cache key: %s\n"
-msgstr "problema al leer clave de almacenamiento: %s\n"
+msgstr "problema al leer clave de cache: %s\n"
 
 #, c-format
 msgid "error reading cache entry from db: %s\n"
-msgstr "error al leer entrada de almacenamiento de la base de datos: %s\n"
+msgstr "error al leer entrada de cache de la base de datos: %s\n"
 
 msgid "End CRL dump\n"
 msgstr "Terminar el dump de CRL\n"
@@ -7506,7 +7502,7 @@ msgid "crl_cache_insert via issuer failed: %s\n"
 msgstr "ha fallado crl_cache_insert via emisor: %s\n"
 
 msgid "reader to file mapping table full - waiting\n"
-msgstr ""
+msgstr "la tabla de mapeo lector a archivo está llena - esperando\n"
 
 msgid "using \"http\" instead of \"https\"\n"
 msgstr "usando \"http\" en lugar de \"https\"\n"
@@ -7552,7 +7548,7 @@ msgid "check whether a dirmngr is running"
 msgstr "verifica si hay un dirmngr corriendo"
 
 msgid "add a certificate to the cache"
-msgstr "añadir un certificado al almacenamiento local"
+msgstr "añadir un certificado a la cache"
 
 msgid "validate a certificate"
 msgstr "valida el certificado"
@@ -7652,10 +7648,10 @@ msgid "looking up '%s'\n"
 msgstr "buscando '%s'\n"
 
 msgid "list the contents of the CRL cache"
-msgstr "listar los contenidos del almacenamiento CRL"
+msgstr "listar los contenidos del cache CRL"
 
 msgid "|FILE|load CRL from FILE into cache"
-msgstr "|FILE|carga CRL de FILE al empezar"
+msgstr "|FILE|carga CRL de FILE en la cache"
 
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|carga un CRL de una URL"
@@ -7664,7 +7660,7 @@ msgid "shutdown the dirmngr"
 msgstr "apaga el dirmngr"
 
 msgid "flush the cache"
-msgstr ""
+msgstr "descargar la memoria cache"
 
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|escribir logs en modo servidor en FICHERO"
@@ -7983,7 +7979,7 @@ msgstr "el wrapper %d de ldap está parado - matándolo\n"
 
 #, c-format
 msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
+msgstr "error mientras desplegaba el hilo del ldap wrapper reaper: %s\n"
 
 #, c-format
 msgid "reading from ldap wrapper %d failed: %s\n"
@@ -7991,7 +7987,7 @@ msgstr "error al leer desde el wrapper %d de ldap: %s\n"
 
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
-msgstr ""
+msgstr "caracter incorrecto 0x%02x en el nombre de host - no añadido\n"
 
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
@@ -8003,10 +7999,10 @@ msgstr "ha fallado malloc: %s\n"
 
 #, c-format
 msgid "start_cert_fetch: invalid pattern '%s'\n"
-msgstr ""
+msgstr "start_cert_fetch: patrón '%s' incorrecto\n"
 
 msgid "ldap_search hit the size limit of the server\n"
-msgstr ""
+msgstr "ldap_search ha llegado al límite de tamaño del servidor\n"
 
 msgid "invalid canonical S-expression found\n"
 msgstr "se encontró S-expression canónica no válida\n"
@@ -8020,7 +8016,7 @@ msgid "oops: ksba_cert_hash failed: %s\n"
 msgstr "oops: ha fallado ksba_cert_hash: %s\n"
 
 msgid "bad URL encoding detected\n"
-msgstr ""
+msgstr "detectado mal encoding de la URL\n"
 
 #, c-format
 msgid "error reading from responder: %s\n"
@@ -8065,17 +8061,17 @@ msgstr "status del OCSP responder en '%s': %s\n"
 
 #, c-format
 msgid "hashing the OCSP response for '%s' failed: %s\n"
-msgstr ""
+msgstr "ha fallado el hashing de la respuesta OCSP para '%s': %s\n"
 
 msgid "not signed by a default OCSP signer's certificate"
-msgstr ""
+msgstr "no firmada por un certificado predeterminado de firma OCSP"
 
 msgid "only SHA-1 is supported for OCSP responses\n"
-msgstr ""
+msgstr "sólo SHA-1 es compatible para las respuestas OCSP\n"
 
 #, c-format
 msgid "allocating list item failed: %s\n"
-msgstr ""
+msgstr "fallo al colocar item en la lista: %s\n"
 
 #, c-format
 msgid "error getting responder ID: %s\n"
@@ -8091,10 +8087,10 @@ msgid "issuer certificate not found: %s\n"
 msgstr "no se encuentra el emisor de este certificado: %s\n"
 
 msgid "caller did not return the target certificate\n"
-msgstr ""
+msgstr "el caller no devolvió el certificado del target\n"
 
 msgid "caller did not return the issuing certificate\n"
-msgstr ""
+msgstr "el caller no devolvió el certificado emisor\n"
 
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
@@ -8102,10 +8098,10 @@ msgstr "fallo al asignar el contexto OCSP: %s\n"
 
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
-msgstr ""
+msgstr "no se ha podido obtener authorityInfoAccess: %s\n"
 
 msgid "no default OCSP responder defined\n"
-msgstr ""
+msgstr "no hay un OCSP responder predeterminado\n"
 
 msgid "no default OCSP signer defined\n"
 msgstr "no hay ningún firmante OCSP predeterminado definido\n"
@@ -8120,7 +8116,7 @@ msgstr "usar OCSP responder '%s'\n"
 
 #, c-format
 msgid "failed to establish a hashing context for OCSP: %s\n"
-msgstr ""
+msgstr "fallo al establecer un contexto de hashing para OCSP: %s\n"
 
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
@@ -8138,68 +8134,67 @@ msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "el certificado ha sido revocado el: %s a causa de: %s\n"
 
 msgid "OCSP responder returned a status in the future\n"
-msgstr ""
+msgstr "el OCSP respondor ha devuelto un estado en el futuro\n"
 
 msgid "OCSP responder returned a non-current status\n"
-msgstr ""
+msgstr "el OCSP respondor ha devuelto un estado no actual\n"
 
 msgid "OCSP responder returned an too old status\n"
-msgstr ""
+msgstr "el OCSP respondor ha devuelto un estado demasiado antiguo\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "assuan_inquire(%s) failed: %s\n"
-msgstr "renombrar '%s' a '%s' falló: %s\n"
+msgstr "ha fallado assuan_inquire(%s): %s\n"
 
-#, fuzzy
 msgid "ldapserver missing"
-msgstr "falta el parámetro"
+msgstr "falta el ldapserver"
 
 msgid "serialno missing in cert ID"
-msgstr ""
+msgstr "falta el número de serie en el ID del certificado"
 
-#, fuzzy, c-format
+#, c-format
 msgid "assuan_inquire failed: %s\n"
-msgstr "ha fallado la búsqueda '%s': %s\n"
+msgstr "ha fallado assuan_inquire: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "fetch_cert_by_url failed: %s\n"
-msgstr "ha fallado crl_fetch via DP: %s\n"
+msgstr "ha fallado fetch_cert_by_url: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "error sending data: %s\n"
-msgstr "clave %s: error enviando al agente: %s\n"
+msgstr "error al enviar datos: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "start_cert_fetch failed: %s\n"
-msgstr "ha fallado crl_fetch via DP: %s\n"
+msgstr "ha fallado start_cert_fetch: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "fetch_next_cert failed: %s\n"
-msgstr "lectura fallida: %s\n"
+msgstr "ha fallado fetch_next_cert: %s\n"
 
 #, c-format
 msgid "max_replies %d exceeded\n"
-msgstr ""
+msgstr "se ha excedido el número de respuestas(max_replies) %d\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "can't allocate control structure: %s\n"
-msgstr "no puedo reservar espacio para la cadena de salida: %s\n"
+msgstr "no puedo colocar la estructura de control: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "failed to allocate assuan context: %s\n"
-msgstr "fallo al crear un flujo desde el socket: %s\n"
+msgstr "fallo al reservar el contexto assuan: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "failed to initialize the server: %s\n"
-msgstr "inicialización de la base de datos de confianza fallida: %s\n"
+msgstr "ha fallado la inicialización del servidor: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "failed to the register commands with Assuan: %s\n"
-msgstr "fallo guardando la fecha de creación: %s\n"
+msgstr "fallo en las órdenes de registro con Assuan: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 msgid "Assuan accept problem: %s\n"
-msgstr "problema al renombrar '%s' a '%s': %s\n"
+msgstr "problema de aceptación Assuan: %s\n"
 
 #, c-format
 msgid "Assuan processing failed: %s\n"
@@ -8406,7 +8401,7 @@ msgid "Private Keys"
 msgstr "Claves privados"
 
 msgid "Smartcards"
-msgstr ""
+msgstr "Smartcards"
 
 msgid "S/MIME"
 msgstr "S/MIME"
@@ -8475,7 +8470,7 @@ msgid "check global configuration file"
 msgstr "comprobar fichero global de configuración"
 
 msgid "query the software version database"
-msgstr ""
+msgstr "consulta la base de datos de versiones de software"
 
 msgid "reload all or a given component"
 msgstr "listar todos los componentes, o uno en particular"
@@ -8576,7 +8571,7 @@ msgstr "error escribiendo en %s: %s\n"
 
 #, c-format
 msgid "error reading from %s: %s\n"
-msgstr "error leyendo de %s: %s\n"
+msgstr "error al leer de %s: %s\n"
 
 #, c-format
 msgid "error closing %s: %s\n"
-- 
cgit v1.2.3


From a44ed3d9a1ad5bd96694f10ea5523c517982017e Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Fri, 20 Apr 2018 10:59:28 +0200
Subject: doc: Remove unneccesary empty flags in vsndf.prf

* doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
---
 doc/examples/vsnfd.prf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/examples/vsnfd.prf b/doc/examples/vsnfd.prf
index 061e06982..2884fe71e 100644
--- a/doc/examples/vsnfd.prf
+++ b/doc/examples/vsnfd.prf
@@ -15,7 +15,7 @@ enable-crl-checks
 [gpg-agent]
 enable-extended-key-format
 default-cache-ttl 900
-max-cache-ttl [] 3600
+max-cache-ttl 3600
 no-allow-mark-trusted
 no-allow-external-cache
 enforce-passphrase-constraints
-- 
cgit v1.2.3


From 64c1fddb253061a9773c6c4ed2a9c5a54702d21b Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Fri, 20 Apr 2018 15:53:58 +0200
Subject: dirmngr: More binary I/O on Windows for CRLs

* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
file in binary mode.

--
CRLs on Windows would have line ending entries converted. This
did not cause problems in a surprising amount of cases but
can lead to unexpected and random parse / read errors. Especially
with large CRLs like cacert.

This bug has been around since 2004.

GnuPG-Bug-Id: T3923
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
---
 dirmngr/crlcache.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 6eeeb8dd3..0b2fe1641 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -125,6 +125,9 @@
    idea anyway to limit the number of opened cache files. */
 #define MAX_OPEN_DB_FILES 5
 
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
 
 static const char oidstr_crlNumber[] = "2.5.29.20";
 /* static const char oidstr_issuingDistributionPoint[] = "2.5.29.28"; */
@@ -1139,7 +1142,7 @@ lock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
       xfree (fname);
       return NULL;
     }
-  fd = open (fname, O_RDONLY);
+  fd = open (fname, O_RDONLY | O_BINARY);
   if (fd == -1)
     {
       log_error (_("error opening cache file '%s': %s\n"),
@@ -2051,7 +2054,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
       }
   }
 
-  fd_cdb = open (fname, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+  fd_cdb = open (fname, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
   if (fd_cdb == -1)
     {
       err = gpg_error_from_errno (errno);
-- 
cgit v1.2.3


From 7cfb2c929d60d53f918d7b371dade448bc752d30 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 23 Apr 2018 08:42:08 +0200
Subject: Revert "po: correct label tags in Finnish translation"

--

The changed tags need to be kept localized because the description
text refers them.  Using the English for the tag and then the
translated version in the description confuses users.

Fixes-commit: e12475429578add12a53fb2232cb45dc9e2aae1b.
---
 po/fi.po | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/po/fi.po b/po/fi.po
index 1e5236eff..ee4085990 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -346,7 +346,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|read options from FILE"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "do not detach from the console"
 msgstr ""
@@ -368,7 +368,7 @@ msgstr "päivitä luottamustietokanta"
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
-msgstr "|NAME|aseta päätteen merkistöksi NIMI"
+msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
 
 msgid "ignore requests to change the TTY"
 msgstr ""
@@ -1914,12 +1914,12 @@ msgstr "salaista avainta \"%s\" ei löydy: %s\n"
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
-msgstr "|NAME|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
-msgstr "|NAME|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, c-format
 msgid "all values passed to '%s' ignored\n"
@@ -2081,7 +2081,7 @@ msgstr "tuota ascii-koodattu tuloste"
 
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
-msgstr "|USER-ID|salaa vastaanottajalle NIMI"
+msgstr "|NIMI|salaa vastaanottajalle NIMI"
 
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
@@ -2096,7 +2096,7 @@ msgstr "käytä tekstimuotoa"
 
 #, fuzzy
 msgid "|FILE|write output to FILE"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "do not make any changes"
 msgstr "älä tee muutoksia"
@@ -6534,18 +6534,18 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|write a log to FILE"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "|N|connect to reader at port N"
 msgstr ""
 
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
-msgstr "|NAME|käytä NIMI oletusvastaanottajana"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
-msgstr "|NAME|käytä NIMI oletusvastaanottajana"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
 #, fuzzy
 msgid "do not use the internal CCID driver"
@@ -7121,7 +7121,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "batch mode: never ask"
 msgstr "eräajo: älä kysy mitään"
@@ -7138,17 +7138,17 @@ msgstr "lisää tämä avainrengas avainrenkaiden luetteloon"
 
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
-msgstr "|USER-ID|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, fuzzy
 msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|käytä tätä palvelinta avainten etsimiseen"
+msgstr "|PALVELIN|käytä tätä palvelinta avainten etsimiseen"
 
 msgid "|NAME|use cipher algorithm NAME"
-msgstr "|NAME|käytä salausalgoritmia NIMI"
+msgstr "|NIMI|käytä salausalgoritmia NIMI"
 
 msgid "|NAME|use message digest algorithm NAME"
-msgstr "|NAME|käytä viestintiivistealgoritmia NIMI"
+msgstr "|NIMI|käytä viestintiivistealgoritmia NIMI"
 
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
@@ -7964,7 +7964,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
@@ -8017,7 +8017,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
@@ -8133,7 +8133,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|connect to host NAME"
-msgstr "|NAME|aseta päätteen merkistöksi NIMI"
+msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
 
 msgid "|N|connect to port N"
 msgstr ""
@@ -8141,7 +8141,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
 msgid "|NAME|use user NAME for authentication"
-msgstr "|NAME|käytä NIMI oletusvastaanottajana"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
 msgid "|PASS|use password PASS for authentication"
 msgstr ""
@@ -8589,7 +8589,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
-msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 msgid "run /subst on startup"
 msgstr ""
@@ -8682,11 +8682,11 @@ msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
 msgid "|NAME|use NAME as default secret key"
-msgstr "|NAME|käytä oletusarvoisesti salaista avainta NIMI"
+msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NAME|salaa vastaanottajalle NIMI"
+msgstr "|NIMI|salaa vastaanottajalle NIMI"
 
 msgid "|SPEC|set up email aliases"
 msgstr ""
@@ -8709,7 +8709,7 @@ msgstr ""
 
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
-msgstr "|NAME|käytä salasanoihin salausalgoritmia NIMI"
+msgstr "|NIMI|käytä salasanoihin salausalgoritmia NIMI"
 
 msgid "do not check CRLs for root certificates"
 msgstr ""
@@ -9649,7 +9649,7 @@ msgstr ""
 #~ msgstr "lisää tämä salainen avainrengas luetteloon"
 
 #~ msgid "|FILE|load extension module FILE"
-#~ msgstr "|FILE|lataa laajennusmoduuli TIEDOSTO"
+#~ msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
 #~ msgid "|N|use compress algorithm N"
 #~ msgstr "|N|käytä pakkausalgoritmia N"
@@ -10664,7 +10664,7 @@ msgstr ""
 #~ "aseta kaikki paketti-, salain- ja tiivistevaihtoehdot PGP 2.x -muotoon"
 
 #~ msgid "|NAME|use message digest algorithm NAME for passphrases"
-#~ msgstr "|NAME|käytä salasanoihin viestintiivistealgoritmia NIMI"
+#~ msgstr "|NIMI|käytä salasanoihin viestintiivistealgoritmia NIMI"
 
 #~ msgid "throw keyid field of encrypted packets"
 #~ msgstr "jätä avaintunnistekenttä pois salatuista paketeista"
-- 
cgit v1.2.3


From 41734c2756cf2eb81b71e2b24813319059d16619 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 23 Apr 2018 08:44:48 +0200
Subject: Revert "po: correct label tags in Polish translation"

--

The changed tags need to be kept localized because the description
text refers them.  Using the English for the tag and then the
translated version in the description confuses users.

Fixes-commit: a5290dace7f85d66272af3e14f9f2bc43d2a4af8.
---
 po/pl.po | 68 ++++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/po/pl.po b/po/pl.po
index d0e5cbf30..3079b318e 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -357,7 +357,7 @@ msgid "csh-style command output"
 msgstr "wyjście poleceń w stylu csh"
 
 msgid "|FILE|read options from FILE"
-msgstr "|FILE|odczyt opcji z PLIKU"
+msgstr "|PLIK|odczyt opcji z PLIKU"
 
 msgid "do not detach from the console"
 msgstr "nie odczepianie od konsoli"
@@ -377,7 +377,7 @@ msgstr "nie używanie SCdaemona"
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|accept some commands via NAME"
-msgstr "|NAME|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
 
 msgid "ignore requests to change the TTY"
 msgstr "ignorowanie żądań zmiany TTY"
@@ -1926,12 +1926,12 @@ msgstr "klucz prywatny ,,%s'' nie został odnaleziony: %s\n"
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
-msgstr "|NAME|użycie NAZWY jako domyślnego klucza tajnego"
+msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
 
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
-msgstr "|NAME|użycie NAZWY jako domyślnego klucza tajnego"
+msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
 
 #, c-format
 msgid "all values passed to '%s' ignored\n"
@@ -2101,7 +2101,7 @@ msgid "use canonical text mode"
 msgstr "kanoniczny format tekstowy"
 
 msgid "|FILE|write output to FILE"
-msgstr "|FILE|zapis wyjścia do PLIKU"
+msgstr "|PLIK|zapis wyjścia do PLIKU"
 
 msgid "do not make any changes"
 msgstr "pozostawienie bez zmian"
@@ -2632,7 +2632,7 @@ msgid "the given preferred keyserver URL is invalid\n"
 msgstr "podany preferowany URL serwera kluczy jest niepoprawny\n"
 
 msgid "|FILE|take the keys from the keyring FILE"
-msgstr "|FILE|pobieranie kluczy ze zbioru PLIK"
+msgstr "|PLIK|pobieranie kluczy ze zbioru PLIK"
 
 msgid "make timestamp conflicts only a warning"
 msgstr "nie traktować konfliktu datowników jako błędu"
@@ -6659,19 +6659,19 @@ msgid "run in multi server mode (foreground)"
 msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
 
 msgid "|LEVEL|set the debugging level to LEVEL"
-msgstr "|LEVEL|ustawienie POZIOMU diagnostyki"
+msgstr "|POZIOM|ustawienie POZIOMU diagnostyki"
 
 msgid "|FILE|write a log to FILE"
-msgstr "|FILE|zapisanie logów do PLIKu"
+msgstr "|PLIK|zapisanie logów do PLIKu"
 
 msgid "|N|connect to reader at port N"
 msgstr "|N|połączenie z czytnikiem na porcie N"
 
 msgid "|NAME|use NAME as ct-API driver"
-msgstr "|NAME|użycie NAZWY jako sterownika ct-API"
+msgstr "|NAZWA|użycie NAZWY jako sterownika ct-API"
 
 msgid "|NAME|use NAME as PC/SC driver"
-msgstr "|NAME|użycie NAZWY jako sterownika PC/SC"
+msgstr "|NAZWA|użycie NAZWY jako sterownika PC/SC"
 
 msgid "do not use the internal CCID driver"
 msgstr "nie używanie wewnętrznego sterownika CCID"
@@ -7235,7 +7235,7 @@ msgid "|N|number of certificates to include"
 msgstr "|N|liczba certyfikatów do dołączenia"
 
 msgid "|FILE|take policy information from FILE"
-msgstr "|FILE|pobranie informacji o polityce z PLIKU"
+msgstr "|PLIK|pobranie informacji o polityce z PLIKU"
 
 msgid "do not check certificate policies"
 msgstr "nie sprawdzanie polityk certyfikatów"
@@ -7247,10 +7247,10 @@ msgid "don't use the terminal at all"
 msgstr "nie używanie w ogóle terminala"
 
 msgid "|FILE|write a server mode log to FILE"
-msgstr "|FILE|zapisanie logów trybu serwerowego do PLIKU"
+msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
 
 msgid "|FILE|write an audit log to FILE"
-msgstr "|FILE|zapisanie logów audytowych do PLIKU"
+msgstr "|PLIK|zapisanie logów audytowych do PLIKU"
 
 msgid "batch mode: never ask"
 msgstr "tryb wsadowy: bez żadnych pytań"
@@ -7262,19 +7262,19 @@ msgid "assume no on most questions"
 msgstr "przyjęcie odpowiedzi ,,nie'' na większość pytań"
 
 msgid "|FILE|add keyring to the list of keyrings"
-msgstr "|FILE|dodanie tego zbioru kluczy do listy zbiorów kluczy"
+msgstr "|PLIK|dodanie tego zbioru kluczy do listy zbiorów kluczy"
 
 msgid "|USER-ID|use USER-ID as default secret key"
-msgstr "|USER-ID|użycie tego identyfikatora jako domyślnego klucza tajnego"
+msgstr "|UŻYTKOWNIK|użycie tego identyfikatora jako domyślnego klucza tajnego"
 
 msgid "|SPEC|use this keyserver to lookup keys"
 msgstr "|SPEC|użycie tego serwera do wyszukiwania kluczy"
 
 msgid "|NAME|use cipher algorithm NAME"
-msgstr "|NAME|użycie tego algorytmu szyfrowania NAZWA"
+msgstr "|NAZWA|użycie tego algorytmu szyfrowania NAZWA"
 
 msgid "|NAME|use message digest algorithm NAME"
-msgstr "|NAME|użycie tego algorytmu skrótu wiadomości"
+msgstr "|NAZWA|użycie tego algorytmu skrótu wiadomości"
 
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
@@ -8187,7 +8187,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|FILE|run commands from FILE on startup"
 msgid "|FILE|load CRL from FILE into cache"
-msgstr "|FILE|uruchomienie poleceń z PLIKU przy starcie"
+msgstr "|PLIK|uruchomienie poleceń z PLIKU przy starcie"
 
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
@@ -8201,7 +8201,7 @@ msgid "flush the cache"
 msgstr ""
 
 msgid "|FILE|write server mode logs to FILE"
-msgstr "|FILE|zapisanie logów trybu serwerowego do PLIKu"
+msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKu"
 
 #, fuzzy
 #| msgid "Quit without saving? (y/N) "
@@ -8246,7 +8246,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|FILE|read options from FILE"
 msgid "|FILE|read LDAP server list from FILE"
-msgstr "|FILE|odczyt opcji z PLIKU"
+msgstr "|PLIK|odczyt opcji z PLIKU"
 
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
@@ -8380,7 +8380,7 @@ msgstr ""
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|connect to host NAME"
-msgstr "|NAME|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
 
 #, fuzzy
 #| msgid "|N|connect to reader at port N"
@@ -8882,12 +8882,12 @@ msgid "connect to the dirmngr"
 msgstr "przekazanie polecenia do dirmngr"
 
 msgid "|NAME|connect to Assuan socket NAME"
-msgstr "|NAME|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
 
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|ADDR|connect to Assuan server at ADDR"
-msgstr "|ADDR|połączenie z gniazdem Assuan o tej nazwie"
+msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
 
 msgid "run the Assuan server given on the command line"
 msgstr "uruchomienie serwera Assuan podanego z linii poleceń"
@@ -8896,7 +8896,7 @@ msgid "do not use extended connect mode"
 msgstr "nie używanie rozszerzonego trybu połączenia"
 
 msgid "|FILE|run commands from FILE on startup"
-msgstr "|FILE|uruchomienie poleceń z PLIKU przy starcie"
+msgstr "|PLIK|uruchomienie poleceń z PLIKU przy starcie"
 
 msgid "run /subst on startup"
 msgstr "uruchomienie /subst przy starcie"
@@ -8983,7 +8983,7 @@ msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|wymaganie przynajmniej N znaków niealfanumerycznych w nowym haśle"
 
 msgid "|FILE|check new passphrases against pattern in FILE"
-msgstr "|FILE|sprawdzanie nowych haseł pod kątem wzorców z PLIKU"
+msgstr "|PLIK|sprawdzanie nowych haseł pod kątem wzorców z PLIKU"
 
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|przedawnianie haseł po N dniach"
@@ -8998,10 +8998,10 @@ msgstr ""
 "|N|ustawienie maksymalnego czasu życia pamięci podręcznej PIN-ów na N sekund"
 
 msgid "|NAME|use NAME as default secret key"
-msgstr "|NAME|użycie NAZWY jako domyślnego klucza tajnego"
+msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
 
 msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NAME|szyfrowanie także dla odbiorcy NAZWA"
+msgstr "|NAZWA|szyfrowanie także dla odbiorcy NAZWA"
 
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|określ adres email"
@@ -9017,14 +9017,14 @@ msgstr "zezwolenie na wyszukiwania PKA (żądania DNS)"
 
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
-"|MECHANISMS|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
+"|MECHANIZMY|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
 "adresów e-mail"
 
 msgid "disable all access to the dirmngr"
 msgstr "zablokuj dostęp do dirmngr"
 
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
-msgstr "|NAME|użycie kodowania NAZWA dla haseł PKCS#12"
+msgstr "|NAZWA|użycie kodowania NAZWA dla haseł PKCS#12"
 
 msgid "do not check CRLs for root certificates"
 msgstr "nie sprawdzanie CRL dla głównych certyfikatów"
@@ -9104,13 +9104,13 @@ msgid "check all programs"
 msgstr "sprawdzenie wszystkich programów"
 
 msgid "|COMPONENT|list options"
-msgstr "|COMPONENT|wypisanie opcji"
+msgstr "|KOMPONENT|wypisanie opcji"
 
 msgid "|COMPONENT|change options"
-msgstr "|COMPONENT|zmiana opcji"
+msgstr "|KOMPONENT|zmiana opcji"
 
 msgid "|COMPONENT|check options"
-msgstr "|COMPONENT|zaznaczenie opcji"
+msgstr "|KOMPONENT|zaznaczenie opcji"
 
 msgid "apply global default values"
 msgstr "zastosowanie globalnych wartości domyślnych"
@@ -9118,7 +9118,7 @@ msgstr "zastosowanie globalnych wartości domyślnych"
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
-msgstr "|FILE|pobranie informacji o polityce z PLIKU"
+msgstr "|PLIK|pobranie informacji o polityce z PLIKU"
 
 #, fuzzy
 #| msgid "get the configuration directories for gpgconf"
@@ -9696,7 +9696,7 @@ msgstr ""
 #~ msgstr "użycie standardowego położenia gniazda"
 
 #~ msgid "|FILE|write environment settings also to FILE"
-#~ msgstr "|FILE|zapis ustawień środowiska także do PLIKU"
+#~ msgstr "|PLIK|zapis ustawień środowiska także do PLIKU"
 
 #~ msgid "Usage: gpg-agent [options] (-h for help)"
 #~ msgstr "Wywołanie: gpg-agent [opcje] (-h podaje pomoc)"
-- 
cgit v1.2.3


From d2ad715441a960ec1e7584022c18042269436812 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 23 Apr 2018 09:23:41 +0200
Subject: doc: Update NEWS and add an example to gpg.texi.

--
---
 NEWS         | 16 ++++++++++++++++
 doc/gpg.texi |  8 +++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index cd547a1eb..7547b2aa1 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,18 @@ Noteworthy changes in version 2.2.7 (unreleased)
   * gpg: The ERRSIG status now prints the fingerprint if that is part
     of the signature.
 
+  * gpg: Relax emitting of FAILURE status lines
+
+  * gpg: Add a status flag to "sig" lines printed with --list-sigs.
+
+  * ssh: Return an error for unknown ssh-agent flags.  [#3880]
+
+  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
+    debugging.
+
+  * dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
+    caches under Windows.  [#2448,#3923]
+
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
 ------------------------------------------------
@@ -54,6 +66,8 @@ Noteworthy changes in version 2.2.6 (2018-04-09)
 
   * Allow the use of UNC directory names as homedir.  [#3818]
 
+  See-also: gnupg-announce/2018q2/000421.html
+
 
 Noteworthy changes in version 2.2.5 (2018-02-22)
 ------------------------------------------------
@@ -99,6 +113,8 @@ Noteworthy changes in version 2.2.5 (2018-02-22)
     with statically linked versions of the core GnuPG libraries.  Also
     use --enable-wks-tools by default by Speedo builds for Unix.
 
+  See-also: gnupg-announce/2018q1/000420.html
+
 
 Noteworthy changes in version 2.2.4 (2017-12-20)
 ------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 908af7b03..2888050a7 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3263,8 +3263,14 @@ print the public key data.
 Same as @option{--list-keys}, but the signatures are listed too.  This
 command has the same effect as using @option{--list-keys} with
 @option{--with-sig-list}.  Note that in contrast to
-@option{--check-signatures} the key signatures are not verified.
+@option{--check-signatures} the key signatures are not verified.  This
+command can be used to create a list of signing keys missing in the
+lcoal keyring; for example:
 
+@example
+      gpg --list-sigs --with-colons USERID | \
+        awk -F: '$1=="sig" && $2=="?" @{if($13)@{print $13@}else@{print $5@}@}'
+@end example
 
 @item --fast-list-mode
 @opindex fast-list-mode
-- 
cgit v1.2.3


From 460e3812be711bd18195053d74aa736215f21eee Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 24 Apr 2018 11:40:51 +0200
Subject: dirmngr: Fallback to CRL if no default OCSP responder is configured.

* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
OCSP checkibng.  Fallback to CRL if no default OCSP responder has been
configured.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/server.c  | 65 +++++++++++++++++++++++++++++++++++--------------------
 sm/call-dirmngr.c | 41 +++++++++++++++--------------------
 2 files changed, 59 insertions(+), 47 deletions(-)

diff --git a/dirmngr/server.c b/dirmngr/server.c
index 4315c4133..48244d4af 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1105,7 +1105,7 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
 
 static const char hlp_isvalid[] =
   "ISVALID [--only-ocsp] [--force-default-responder]"
-  " <certificate_id>|<certificate_fpr>\n"
+  " <certificate_id> [<certificate_fpr>]\n"
   "\n"
   "This command checks whether the certificate identified by the\n"
   "certificate_id is valid.  This is done by consulting CRLs or\n"
@@ -1117,8 +1117,9 @@ static const char hlp_isvalid[] =
   "delimited by a single dot.  The first part is the SHA-1 hash of the\n"
   "issuer name and the second part the serial number.\n"
   "\n"
-  "Alternatively the certificate's fingerprint may be given in which\n"
-  "case an OCSP request is done before consulting the CRL.\n"
+  "If an OCSP check is desired CERTIFICATE_FPR with the hex encoded\n"
+  "fingerprint of the certificate is required.  In this case an OCSP\n"
+  "request is done before consulting the CRL.\n"
   "\n"
   "If the option --only-ocsp is given, no fallback to a CRL check will\n"
   "be used.\n"
@@ -1130,7 +1131,7 @@ static gpg_error_t
 cmd_isvalid (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
-  char *issuerhash, *serialno;
+  char *issuerhash, *serialno, *fpr;
   gpg_error_t err;
   int did_inquire = 0;
   int ocsp_mode = 0;
@@ -1141,25 +1142,36 @@ cmd_isvalid (assuan_context_t ctx, char *line)
   force_default_responder = has_option (line, "--force-default-responder");
   line = skip_options (line);
 
-  issuerhash = xstrdup (line); /* We need to work on a copy of the
-                                  line because that same Assuan
-                                  context may be used for an inquiry.
-                                  That is because Assuan reuses its
-                                  line buffer.
-                                   */
+  /* We need to work on a copy of the line because that same Assuan
+   * context may be used for an inquiry.  That is because Assuan
+   * reuses its line buffer.  */
+  issuerhash = xstrdup (line);
 
   serialno = strchr (issuerhash, '.');
-  if (serialno)
-    *serialno++ = 0;
-  else
+  if (!serialno)
+    {
+      xfree (issuerhash);
+      return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
+    }
+  *serialno++ = 0;
+  if (strlen (issuerhash) != 40)
     {
-      char *endp = strchr (issuerhash, ' ');
+      xfree (issuerhash);
+      return leave_cmd (ctx, PARM_ERROR ("cert ID is too short"));
+    }
+
+  fpr = strchr (serialno, ' ');
+  while (fpr && spacep (fpr))
+    fpr++;
+  if (fpr && *fpr)
+    {
+      char *endp = strchr (fpr, ' ');
       if (endp)
         *endp = 0;
-      if (strlen (issuerhash) != 40)
+      if (strlen (fpr) != 40)
         {
           xfree (issuerhash);
-          return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
+          return leave_cmd (ctx, PARM_ERROR ("fingerprint too short"));
         }
       ocsp_mode = 1;
     }
@@ -1168,17 +1180,24 @@ cmd_isvalid (assuan_context_t ctx, char *line)
  again:
   if (ocsp_mode)
     {
-      /* Note, that we ignore the given issuer hash and instead rely
-         on the current certificate semantics used with this
-         command. */
+      /* Note, that we currently ignore the supplied fingerprint FPR;
+       * instead ocsp_isvalid does an inquire to ask for the cert.
+       * The fingerprint may eventually be used to lookup the
+       * certificate in a local cache.  */
       if (!opt.allow_ocsp)
         err = gpg_error (GPG_ERR_NOT_SUPPORTED);
       else
         err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
-      /* Fixme: If we got no ocsp response and --only-ocsp is not used
-         we should fall back to CRL mode.  Thus we need to clear
-         OCSP_MODE, get the issuerhash and the serialno from the
-         current certificate and jump to again. */
+
+      if (gpg_err_code (err) == GPG_ERR_CONFIGURATION
+          && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR)
+        {
+          /* No default responder configured - fallback to CRL.  */
+          if (!only_ocsp)
+            log_info ("falling back to CRL check\n");
+          ocsp_mode = 0;
+          goto again;
+        }
     }
   else if (only_ocsp)
     err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index e94311892..3a38bca50 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -491,8 +491,8 @@ isvalid_status_cb (void *opaque, const char *line)
 
   Values for USE_OCSP:
      0 = Do CRL check.
-     1 = Do an OCSP check.
-     2 = Do an OCSP check using only the default responder.
+     1 = Do an OCSP check but fallback to CRL unless CRLS are disabled.
+     2 = Do only an OCSP check using only the default responder.
  */
 int
 gpgsm_dirmngr_isvalid (ctrl_t ctrl,
@@ -500,7 +500,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
 {
   static int did_options;
   int rc;
-  char *certid;
+  char *certid, *certfpr;
   char line[ASSUAN_LINELENGTH];
   struct inq_certificate_parm_s parm;
   struct isvalid_status_parm_s stparm;
@@ -509,19 +509,13 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
   if (rc)
     return rc;
 
-  if (use_ocsp)
+  certfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+  certid = gpgsm_get_certid (cert);
+  if (!certid)
     {
-      certid = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
-    }
-  else
-    {
-      certid = gpgsm_get_certid (cert);
-      if (!certid)
-        {
-          log_error ("error getting the certificate ID\n");
-	  release_dirmngr (ctrl);
-          return gpg_error (GPG_ERR_GENERAL);
-        }
+      log_error ("error getting the certificate ID\n");
+      release_dirmngr (ctrl);
+      return gpg_error (GPG_ERR_GENERAL);
     }
 
   if (opt.verbose > 1)
@@ -541,13 +535,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
   stparm.seen = 0;
   memset (stparm.fpr, 0, 20);
 
-  /* FIXME: If --disable-crl-checks has been set, we should pass an
-     option to dirmngr, so that no fallback CRL check is done after an
-     ocsp check.  It is not a problem right now as dirmngr does not
-     fallback to CRL checking.  */
-
   /* It is sufficient to send the options only once because we have
-     one connection per process only. */
+   * one connection per process only.  */
   if (!did_options)
     {
       if (opt.force_crl_refresh)
@@ -555,10 +544,14 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                          NULL, NULL, NULL, NULL, NULL, NULL);
       did_options = 1;
     }
-  snprintf (line, DIM(line), "ISVALID%s %s",
-            use_ocsp == 2? " --only-ocsp --force-default-responder":"",
-            certid);
+  snprintf (line, DIM(line), "ISVALID%s%s %s%s%s",
+            use_ocsp == 2 || opt.no_crl_check ? " --only-ocsp":"",
+            use_ocsp == 2? " --force-default-responder":"",
+            certid,
+            use_ocsp? " ":"",
+            use_ocsp? certfpr:"");
   xfree (certid);
+  xfree (certfpr);
 
   rc = assuan_transact (dirmngr_ctx, line, NULL, NULL,
                         inq_certificate, &parm,
-- 
cgit v1.2.3


From 71903eee89496e3f1d0a24536bced6ff16df6783 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 25 Apr 2018 09:37:21 +0900
Subject: g10: Fix printing the keygrip with --card-status.

* g10/card-util.c (current_card_status): Keygrip for Auth is 3.

--

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/card-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/card-util.c b/g10/card-util.c
index 1a249fb81..3148de0fa 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -633,7 +633,7 @@ current_card_status (ctrl_t ctrl, estream_t fp,
         {
           tty_fprintf (fp, "      created ....: %s\n",
                        isotimestamp (info.fpr3time));
-          print_keygrip (fp, info.grp2);
+          print_keygrip (fp, info.grp3);
         }
       tty_fprintf (fp, "General key info..: ");
 
-- 
cgit v1.2.3


From 705d8e9cf0d109005b3441766270c0e584f7847d Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 25 Apr 2018 09:43:18 +0200
Subject: dirmngr: Implement CRL fetching via https.

* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--

The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption.  Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS.  These days we should not use any unencrypted content
and thus this patch.

Be aware that cacert.org give a https CRL DP but that currently
redirects to to http!  This is a downgrade attack which we detect and
don't allow.  The outcome is that it is right now not possible to use
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/certcache.c      |   5 ++
 dirmngr/crlfetch.c       | 160 ++++++++++++++---------------------------------
 dirmngr/http-ntbtls.c    |   4 +-
 dirmngr/http.c           |  48 ++++++++++++++
 dirmngr/http.h           |   6 +-
 dirmngr/ks-action.c      |   5 +-
 dirmngr/ks-engine-http.c |  26 +++++---
 dirmngr/ks-engine.h      |   4 +-
 dirmngr/loadswdb.c       |   2 +-
 dirmngr/server.c         |   4 +-
 10 files changed, 133 insertions(+), 131 deletions(-)

diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 56629fdda..adb005ec8 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -423,6 +423,9 @@ load_certs_from_dir (const char *dirname, unsigned int trustclass)
         log_info (_("certificate '%s' already cached\n"), fname);
       else if (!err)
         {
+          if ((trustclass & CERTTRUST_CLASS_CONFIG))
+            http_register_cfg_ca (fname);
+
           if (trustclass)
             log_info (_("trusted certificate '%s' loaded\n"), fname);
           else
@@ -763,6 +766,8 @@ cert_cache_deinit (int full)
         }
     }
 
+  http_register_cfg_ca (NULL);
+
   total_nonperm_certificates = 0;
   any_cert_of_class = 0;
   initialization_done = 0;
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 0892421e9..0d27aa0f1 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -28,6 +28,7 @@
 #include "dirmngr.h"
 #include "misc.h"
 #include "http.h"
+#include "ks-engine.h"  /* For ks_http_fetch.  */
 
 #if USE_LDAP
 # include "ldap-wrapper.h"
@@ -154,41 +155,17 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
 {
   gpg_error_t err;
   parsed_uri_t uri;
-  char *free_this = NULL;
-  int redirects_left = 2; /* We allow for 2 redirect levels.  */
+  estream_t httpfp = NULL;
 
   *reader = NULL;
 
   if (!url)
     return gpg_error (GPG_ERR_INV_ARG);
 
- once_more:
   err = http_parse_uri (&uri, url, 0);
   http_release_parsed_uri (uri);
-  if (err && !strncmp (url, "https:", 6))
-    {
-      /* FIXME: We now support https.
-       * Our HTTP code does not support TLS, thus we can't use this
-       * scheme and it is frankly not useful for CRL retrieval anyway.
-       * We resort to using http, assuming that the server also
-       * provides plain http access.  */
-      free_this = xtrymalloc (strlen (url) + 1);
-      if (free_this)
-        {
-          strcpy (stpcpy (free_this,"http:"), url+6);
-          err = http_parse_uri (&uri, free_this, 0);
-          http_release_parsed_uri (uri);
-          if (!err)
-            {
-              log_info (_("using \"http\" instead of \"https\"\n"));
-              url = free_this;
-            }
-        }
-    }
   if (!err) /* Yes, our HTTP code groks that. */
     {
-      http_t hd;
-
       if (opt.disable_http)
         {
           log_error (_("CRL access not possible due to disabled %s\n"),
@@ -196,97 +173,54 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
           err = gpg_error (GPG_ERR_NOT_SUPPORTED);
         }
       else
-        err = http_open_document (&hd, url, NULL,
-                                  ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-                                   |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
-                                   |(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
-                                   |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
-                                   |(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6:0)
-                                   ),
-                                  ctrl->http_proxy, NULL, NULL, NULL);
-
-      switch ( err? 99999 : http_get_status_code (hd) )
         {
-        case 200:
-          {
-            estream_t fp = http_get_read_ptr (hd);
-            struct reader_cb_context_s *cb_ctx;
-
-            cb_ctx = xtrycalloc (1, sizeof *cb_ctx);
-            if (!cb_ctx)
-              err = gpg_error_from_syserror ();
-            if (!err)
-              err = ksba_reader_new (reader);
-            if (!err)
-              {
-                cb_ctx->fp = fp;
-                err = ksba_reader_set_cb (*reader, &my_es_read, cb_ctx);
-              }
-            if (err)
-              {
-                log_error (_("error initializing reader object: %s\n"),
-                           gpg_strerror (err));
-                ksba_reader_release (*reader);
-                *reader = NULL;
-                http_close (hd, 0);
-              }
-            else
-              {
-                /* The ksba reader misses a user pointer thus we need
-                   to come up with our own way of associating a file
-                   pointer (or well the callback context) with the
-                   reader.  It is only required when closing the
-                   reader thus there is no performance issue doing it
-                   this way.  FIXME: We now have a close notification
-                   which might be used here. */
-                register_file_reader (*reader, cb_ctx);
-                http_close (hd, 1);
-              }
-          }
-          break;
+          /* Note that we also allow root certificates loaded from
+           * "/etc/gnupg/trusted-certs/".  We also do not consult
+           * the CRL for the TLS connection - that may lwad to a
+           * loop.  */
+          err = ks_http_fetch (ctrl, url, 0,
+                               (HTTP_FLAG_TRUST_CFG | HTTP_FLAG_NO_CRL),
+                               &httpfp);
+        }
 
-        case 301: /* Redirection (perm.). */
-        case 302: /* Redirection (temp.). */
-          {
-            const char *s = http_get_header (hd, "Location");
-
-            log_info (_("URL '%s' redirected to '%s' (%u)\n"),
-                      url, s?s:"[none]", http_get_status_code (hd));
-            if (s && *s && redirects_left-- )
-              {
-                xfree (free_this); url = NULL;
-                free_this = xtrystrdup (s);
-                if (!free_this)
-                  err = gpg_error_from_errno (errno);
-                else
-                  {
-                    url = free_this;
-                    http_close (hd, 0);
-                    /* Note, that our implementation of redirection
-                       actually handles a redirect to LDAP.  */
-                    goto once_more;
-                  }
-              }
-            else
-              err = gpg_error (GPG_ERR_NO_DATA);
-            log_error (_("too many redirections\n")); /* Or no "Location". */
-            http_close (hd, 0);
-          }
-          break;
-
-        case 99999: /* Made up status code for error reporting.  */
-          log_error (_("error retrieving '%s': %s\n"),
-                     url, gpg_strerror (err));
-          break;
-
-        default:
-          log_error (_("error retrieving '%s': http status %u\n"),
-                     url, http_get_status_code (hd));
-          err = gpg_error (GPG_ERR_NO_DATA);
-          http_close (hd, 0);
+      if (err)
+        log_error (_("error retrieving '%s': %s\n"), url, gpg_strerror (err));
+      else
+        {
+          struct reader_cb_context_s *cb_ctx;
+
+          cb_ctx = xtrycalloc (1, sizeof *cb_ctx);
+          if (!cb_ctx)
+            err = gpg_error_from_syserror ();
+          else if (!(err = ksba_reader_new (reader)))
+            {
+              cb_ctx->fp = httpfp;
+              err = ksba_reader_set_cb (*reader, &my_es_read, cb_ctx);
+              if (!err)
+                {
+                  /* The ksba reader misses a user pointer thus we
+                   * need to come up with our own way of associating a
+                   * file pointer (or well the callback context) with
+                   * the reader.  It is only required when closing the
+                   * reader thus there is no performance issue doing
+                   * it this way.  FIXME: We now have a close
+                   * notification which might be used here. */
+                  register_file_reader (*reader, cb_ctx);
+                  httpfp = NULL;
+                }
+            }
+
+          if (err)
+            {
+              log_error (_("error initializing reader object: %s\n"),
+                         gpg_strerror (err));
+              ksba_reader_release (*reader);
+              *reader = NULL;
+              xfree (cb_ctx);
+            }
         }
     }
-  else /* Let the LDAP code try other schemes. */
+  else /* Let the LDAP code parse other schemes.  */
     {
       if (opt.disable_ldap)
         {
@@ -310,7 +244,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
         }
     }
 
-  xfree (free_this);
+  es_fclose (httpfp);
   return err;
 }
 
diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
index ea66a4d73..ed4cdd496 100644
--- a/dirmngr/http-ntbtls.c
+++ b/dirmngr/http-ntbtls.c
@@ -87,13 +87,15 @@ gnupg_http_tls_verify_cb (void *opaque,
     }
   else /* Use the certificates as requested from the HTTP module.  */
     {
+      if ((http_flags & HTTP_FLAG_TRUST_CFG))
+        validate_flags |= VALIDATE_FLAG_TRUST_CONFIG;
       if ((http_flags & HTTP_FLAG_TRUST_DEF))
         validate_flags |= VALIDATE_FLAG_TRUST_HKP;
       if ((http_flags & HTTP_FLAG_TRUST_SYS))
         validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
 
       /* If HKP trust is requested and there are no HKP certificates
-       * configured, also try thye standard system certificates.  */
+       * configured, also try the standard system certificates.  */
       if ((validate_flags & VALIDATE_FLAG_TRUST_HKP)
           && !cert_cache_any_in_class (CERTTRUST_CLASS_HKP))
         validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 8e778dfa2..4624d5fe6 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -318,6 +318,9 @@ static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
 /* The list of files with trusted CA certificates.  */
 static strlist_t tls_ca_certlist;
 
+/* The list of files with extra trusted CA certificates.  */
+static strlist_t cfg_ca_certlist;
+
 /* The global callback for net activity.  */
 static void (*netactivity_cb)(void);
 
@@ -596,6 +599,35 @@ http_register_tls_ca (const char *fname)
 }
 
 
+/* Register a CA certificate for future use.  The certificate is
+ * expected to be in FNAME.  PEM format is assume if FNAME has a
+ * suffix of ".pem".  If FNAME is NULL the list of CA files is
+ * removed.  This is a variant of http_register_tls_ca which puts the
+ * certificate into a separate list enabled using HTTP_FLAG_TRUST_CFG.  */
+void
+http_register_cfg_ca (const char *fname)
+{
+  strlist_t sl;
+
+  if (!fname)
+    {
+      free_strlist (cfg_ca_certlist);
+      cfg_ca_certlist = NULL;
+    }
+  else
+    {
+      /* Warn if we can't access right now, but register it anyway in
+         case it becomes accessible later */
+      if (access (fname, F_OK))
+        log_info (_("can't access '%s': %s\n"), fname,
+                  gpg_strerror (gpg_error_from_syserror()));
+      sl = add_to_strlist (&cfg_ca_certlist, fname);
+      if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
+        sl->flags = 1;
+    }
+}
+
+
 /* Register a callback which is called every time the HTTP mode has
  * made a successful connection to some server.  */
 void
@@ -680,6 +712,7 @@ http_session_release (http_session_t sess)
  * Valid values for FLAGS are:
  *   HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
  *   HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
+ *   HTTP_FLAG_TRUST_CFG - Also use CAs set with http_register_cfg_ca
  *   HTTP_FLAG_NO_CRL    - Do not consult CRLs for https.
  */
 gpg_error_t
@@ -793,6 +826,21 @@ http_session_new (http_session_t *r_session,
 #endif /* gnutls >= 3.0.20 */
       }
 
+    /* Add other configured certificates to the session.  */
+    if ((flags & HTTP_FLAG_TRUST_CFG))
+      {
+        for (sl = cfg_ca_certlist; sl; sl = sl->next)
+          {
+            rc = gnutls_certificate_set_x509_trust_file
+              (sess->certcred, sl->d,
+               (sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
+            if (rc < 0)
+              log_info ("setting extra CA from file '%s' failed: %s\n",
+                        sl->d, gnutls_strerror (rc));
+          }
+      }
+
+
     rc = gnutls_init (&sess->tls_session, GNUTLS_CLIENT);
     if (rc < 0)
       {
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 9fa462c05..4cfb4c890 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -88,8 +88,9 @@ enum
     HTTP_FLAG_IGNORE_IPv4 = 64,  /* Do not use IPv4.  */
     HTTP_FLAG_IGNORE_IPv6 = 128, /* Do not use IPv6.  */
     HTTP_FLAG_TRUST_DEF   = 256, /* Use the CAs configured for HKP.  */
-    HTTP_FLAG_TRUST_SYS   = 512, /* Also use the system defined CAs.  */
-    HTTP_FLAG_NO_CRL     = 1024  /* Do not consult CRLs for https.  */
+    HTTP_FLAG_TRUST_SYS   = 512, /* Also use the system defined CAs. */
+    HTTP_FLAG_TRUST_CFG  = 1024, /* Also use configured CAs.         */
+    HTTP_FLAG_NO_CRL     = 2048  /* Do not consult CRLs for https.   */
   };
 
 
@@ -110,6 +111,7 @@ void http_set_verbose (int verbose, int debug);
 
 void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
 void http_register_tls_ca (const char *fname);
+void http_register_cfg_ca (const char *fname);
 void http_register_netactivity_cb (void (*cb)(void));
 
 
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index 38cd02feb..eb15e40dd 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -257,7 +257,8 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
               if (is_hkp_s)
                 err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
               else if (is_http_s)
-                err = ks_http_fetch (ctrl, uri->parsed_uri->original, &infp);
+                err = ks_http_fetch (ctrl, uri->parsed_uri->original, 1, 0,
+                                     &infp);
               else
                 BUG ();
 
@@ -314,7 +315,7 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
 
   if (parsed_uri->is_http)
     {
-      err = ks_http_fetch (ctrl, url, &infp);
+      err = ks_http_fetch (ctrl, url, 1, 0, &infp);
       if (!err)
         {
           err = copy_stream (infp, outfp);
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 6492dda8a..a03580373 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -62,9 +62,13 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
 
 
 /* Get the key from URL which is expected to specify a http style
-   scheme.  On success R_FP has an open stream to read the data.  */
+ * scheme.  On success R_FP has an open stream to read the data.
+ * Despite its name this function is also used to retrieve arbitrary
+ * data via https or http.
+ */
 gpg_error_t
-ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
+ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
+               unsigned int extra_http_trust_flags, estream_t *r_fp)
 {
   gpg_error_t err;
   http_session_t session = NULL;
@@ -82,11 +86,13 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   is_https = uri->use_tls;
 
  once_more:
-  /* Note that we only use the system provided certificates with the
-   * fetch command.  */
+  /* By default we only use the system provided certificates with this
+   * fetch command.  However, EXTRA_HTTP_FLAGS can be used to add more
+   * flags. */
   err = http_session_new (&session, NULL,
                           ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
-                           | HTTP_FLAG_TRUST_SYS),
+                           | HTTP_FLAG_TRUST_SYS
+                           | extra_http_trust_flags),
                           gnupg_http_tls_verify_cb, ctrl);
   if (err)
     goto leave;
@@ -100,6 +106,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
                    /* httphost */ NULL,
                    /* fixme: AUTH */ NULL,
                    ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+                    | (DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
                     | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
                     | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
                     | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
@@ -111,10 +118,11 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
     {
       fp = http_get_write_ptr (http);
       /* Avoid caches to get the most recent copy of the key.  We set
-         both the Pragma and Cache-Control versions of the header, so
-         we're good with both HTTP 1.0 and 1.1.  */
-      es_fputs ("Pragma: no-cache\r\n"
-                "Cache-Control: no-cache\r\n", fp);
+       * both the Pragma and Cache-Control versions of the header, so
+       * we're good with both HTTP 1.0 and 1.1.  */
+      if (send_no_cache)
+        es_fputs ("Pragma: no-cache\r\n"
+                  "Cache-Control: no-cache\r\n", fp);
       http_start_data (http);
       if (es_ferror (fp))
         err = gpg_error_from_syserror ();
diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h
index b5b4dd08b..ce51141bd 100644
--- a/dirmngr/ks-engine.h
+++ b/dirmngr/ks-engine.h
@@ -42,7 +42,9 @@ gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri,
 
 /*-- ks-engine-http.c --*/
 gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp);
+gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
+                           unsigned int extra_http_trust_flags,
+                           estream_t *r_fp);
 
 
 /*-- ks-engine-finger.c --*/
diff --git a/dirmngr/loadswdb.c b/dirmngr/loadswdb.c
index bc004665d..dfa027386 100644
--- a/dirmngr/loadswdb.c
+++ b/dirmngr/loadswdb.c
@@ -126,7 +126,7 @@ fetch_file (ctrl_t ctrl, const char *url, estream_t *r_fp)
   size_t nread, nwritten;
   char buffer[1024];
 
-  if ((err = ks_http_fetch (ctrl, url, &httpfp)))
+  if ((err = ks_http_fetch (ctrl, url, 1, 0, &httpfp)))
     goto leave;
 
   /* We now read the data from the web server into a memory buffer.
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 48244d4af..8a0b940ce 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1877,7 +1877,7 @@ static const char hlp_validate[] =
   "  INQUIRE CERTLIST\n"
   "\n"
   "Here the first certificate is the target certificate, the remaining\n"
-  "certificates are suggested intermediary certificates.  All certifciates\n"
+  "certificates are suggested intermediary certificates.  All certificates\n"
   "need to be PEM encoded.\n"
   "\n"
   "The option --systrust changes the behaviour to include the system\n"
@@ -1928,7 +1928,7 @@ cmd_validate (assuan_context_t ctx, char *line)
             err = gpg_error (GPG_ERR_MISSING_CERT);
           if (!err)
             {
-              /* Extraxt the first certificate from the list.  */
+              /* Extract the first certificate from the list.  */
               cert = certlist->cert;
               ksba_cert_ref (cert);
             }
-- 
cgit v1.2.3


From 1de4462974113ac18cf98f903e97cd1127fa842f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 25 Apr 2018 12:37:34 +0200
Subject: dirmngr: Allow redirection from https to http for CRLs

* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
(KS_HTTP_FETCH_TRUST_CFG): Ditto.
(KS_HTTP_FETCH_NO_CRL): Ditto.
(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
and extra_http_trust_flags by a new flags arg.  Allow redirectiong
from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
* dirmngr/ks-action.c (ks_action_get): Ditto.
(ks_action_fetch): Ditto.
* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/crlfetch.c       | 13 ++++++++-----
 dirmngr/ks-action.c      |  5 +++--
 dirmngr/ks-engine-http.c | 31 ++++++++++++++++++++-----------
 dirmngr/ks-engine.h      | 10 ++++++++--
 dirmngr/loadswdb.c       |  2 +-
 5 files changed, 40 insertions(+), 21 deletions(-)

diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 0d27aa0f1..57ac51b93 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -175,11 +175,14 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
       else
         {
           /* Note that we also allow root certificates loaded from
-           * "/etc/gnupg/trusted-certs/".  We also do not consult
-           * the CRL for the TLS connection - that may lwad to a
-           * loop.  */
-          err = ks_http_fetch (ctrl, url, 0,
-                               (HTTP_FLAG_TRUST_CFG | HTTP_FLAG_NO_CRL),
+           * "/etc/gnupg/trusted-certs/".  We also do not consult the
+           * CRL for the TLS connection - that may lead to a loop.
+           * Due to cacert.org redirecting their https URL to http we
+           * also allow such a downgrade.  */
+          err = ks_http_fetch (ctrl, url,
+                               (KS_HTTP_FETCH_TRUST_CFG
+                                | KS_HTTP_FETCH_NO_CRL
+                                | KS_HTTP_FETCH_ALLOW_DOWNGRADE ),
                                &httpfp);
         }
 
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index eb15e40dd..c1ecafb58 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -257,7 +257,8 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
               if (is_hkp_s)
                 err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
               else if (is_http_s)
-                err = ks_http_fetch (ctrl, uri->parsed_uri->original, 1, 0,
+                err = ks_http_fetch (ctrl, uri->parsed_uri->original,
+                                     KS_HTTP_FETCH_NOCACHE,
                                      &infp);
               else
                 BUG ();
@@ -315,7 +316,7 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
 
   if (parsed_uri->is_http)
     {
-      err = ks_http_fetch (ctrl, url, 1, 0, &infp);
+      err = ks_http_fetch (ctrl, url, KS_HTTP_FETCH_NOCACHE, &infp);
       if (!err)
         {
           err = copy_stream (infp, outfp);
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index a03580373..946c92769 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -67,11 +67,12 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
  * data via https or http.
  */
 gpg_error_t
-ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
-               unsigned int extra_http_trust_flags, estream_t *r_fp)
+ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
+               estream_t *r_fp)
 {
   gpg_error_t err;
   http_session_t session = NULL;
+  unsigned int session_flags;
   http_t http = NULL;
   int redirects_left = MAX_REDIRECTS;
   estream_t fp = NULL;
@@ -85,14 +86,16 @@ ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
   is_onion = uri->onion;
   is_https = uri->use_tls;
 
- once_more:
   /* By default we only use the system provided certificates with this
-   * fetch command.  However, EXTRA_HTTP_FLAGS can be used to add more
-   * flags. */
-  err = http_session_new (&session, NULL,
-                          ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
-                           | HTTP_FLAG_TRUST_SYS
-                           | extra_http_trust_flags),
+   * fetch command.  */
+  session_flags = HTTP_FLAG_TRUST_SYS;
+  if ((flags & KS_HTTP_FETCH_NO_CRL) || ctrl->http_no_crl)
+    session_flags |= HTTP_FLAG_NO_CRL;
+  if ((flags & KS_HTTP_FETCH_TRUST_CFG))
+    session_flags |= HTTP_FLAG_TRUST_CFG;
+
+ once_more:
+  err = http_session_new (&session, NULL, session_flags,
                           gnupg_http_tls_verify_cb, ctrl);
   if (err)
     goto leave;
@@ -120,7 +123,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
       /* Avoid caches to get the most recent copy of the key.  We set
        * both the Pragma and Cache-Control versions of the header, so
        * we're good with both HTTP 1.0 and 1.1.  */
-      if (send_no_cache)
+      if ((flags & KS_HTTP_FETCH_NOCACHE))
         es_fputs ("Pragma: no-cache\r\n"
                   "Cache-Control: no-cache\r\n", fp);
       http_start_data (http);
@@ -172,7 +175,13 @@ ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
                 if (err)
                   goto leave;
 
-                if ((is_onion && ! uri->onion) || (is_https && ! uri->use_tls))
+                if (is_onion && !uri->onion)
+                  {
+                    err = gpg_error (GPG_ERR_FORBIDDEN);
+                    goto leave;
+                  }
+                if (!(flags & KS_HTTP_FETCH_ALLOW_DOWNGRADE)
+                    && is_https && !uri->use_tls)
                   {
                     err = gpg_error (GPG_ERR_FORBIDDEN);
                     goto leave;
diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h
index ce51141bd..d28c6ab71 100644
--- a/dirmngr/ks-engine.h
+++ b/dirmngr/ks-engine.h
@@ -41,9 +41,15 @@ gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri,
                         const void *data, size_t datalen);
 
 /*-- ks-engine-http.c --*/
+
+/* Flags for the ks_http_fetch.  */
+#define KS_HTTP_FETCH_NOCACHE         1  /* Request no caching.  */
+#define KS_HTTP_FETCH_TRUST_CFG       2  /* Requests HTTP_FLAG_TRUST_CFG.  */
+#define KS_HTTP_FETCH_NO_CRL          4  /* Requests HTTP_FLAG_NO_CRL.     */
+#define KS_HTTP_FETCH_ALLOW_DOWNGRADE 8  /* Allow redirect https -> http.  */
+
 gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, int send_no_cache,
-                           unsigned int extra_http_trust_flags,
+gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
                            estream_t *r_fp);
 
 
diff --git a/dirmngr/loadswdb.c b/dirmngr/loadswdb.c
index dfa027386..fb883722a 100644
--- a/dirmngr/loadswdb.c
+++ b/dirmngr/loadswdb.c
@@ -126,7 +126,7 @@ fetch_file (ctrl_t ctrl, const char *url, estream_t *r_fp)
   size_t nread, nwritten;
   char buffer[1024];
 
-  if ((err = ks_http_fetch (ctrl, url, 1, 0, &httpfp)))
+  if ((err = ks_http_fetch (ctrl, url, KS_HTTP_FETCH_NOCACHE, &httpfp)))
     goto leave;
 
   /* We now read the data from the web server into a memory buffer.
-- 
cgit v1.2.3


From bb8894760fe87cf46a42599f11eab7e7c7a8eb71 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 25 Apr 2018 15:25:14 +0200
Subject: dirmngr: Add the used TLS library to the debug output.

* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/http.c   | 12 +++++++++++-
 doc/dirmngr.texi |  7 ++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/dirmngr/http.c b/dirmngr/http.c
index 4624d5fe6..6846107d0 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1736,9 +1736,19 @@ send_request (http_t hd, const char *httphost, const char *auth,
 #ifdef USE_TLS
   if (hd->uri->use_tls && !hd->session->tls_session)
     {
-      log_error ("TLS requested but no GNUTLS context available\n");
+      log_error ("TLS requested but no TLS context available\n");
       return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
     }
+  if (opt_debug)
+    log_debug ("Using TLS library: %s %s\n",
+# if HTTP_USE_NTBTLS
+               "NTBTLS", ntbtls_check_version (NULL)
+# elif HTTP_USE_GNUTLS
+               "GNUTLS", gnutls_check_version (NULL)
+# else
+               "?", "?"
+# endif /*HTTP_USE_*TLS*/
+               );
 #endif /*USE_TLS*/
 
   if ((hd->flags & HTTP_FLAG_FORCE_TOR))
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 800955c52..76be5286c 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -208,9 +208,10 @@ flag names.  To get a list of all supported flags the single word
 @opindex debug-all
 Same as @code{--debug=0xffffffff}
 
-@item --gnutls-debug @var{level}
-@opindex gnutls-debug
-Enable debugging of GNUTLS at @var{level}.
+@item --tls-debug @var{level}
+@opindex tls-debug
+Enable debugging of the TLS layer at @var{level}.  The details of the
+debug level depend on the used TLS library and are not set in stone.
 
 @item --debug-wait @var{n}
 @opindex debug-wait
-- 
cgit v1.2.3


From cc66108253c58583d6bad3d1e2da2b004701d0f0 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 26 Apr 2018 12:28:53 +0200
Subject: dirmngr: Fix handling of CNAMEed keyserver pools.

* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
--

For a description of the problem see the comment in
make_keyserver_item.

GnuPG-bug-id: 3755
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 NEWS                    |  3 +++
 dirmngr/ks-engine-hkp.c |  2 +-
 dirmngr/server.c        | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 7547b2aa1..ca84e2089 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ Noteworthy changes in version 2.2.7 (unreleased)
   * dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
     caches under Windows.  [#2448,#3923]
 
+  * dirmngr: Fix a CNAME problem with pools and TLS.  Also use a fixed
+    mapping of keys.gnupg.net to sks-keyservers.net.  [#3755]
+
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
 ------------------------------------------------
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index a9bb93666..eba7a1a48 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -583,7 +583,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
       /* Deal with the pool name before selecting a host. */
       if (r_httphost)
         {
-          *r_httphost = xtrystrdup (hi->cname? hi->cname : hi->name);
+          *r_httphost = xtrystrdup (hi->name);
           if (!*r_httphost)
             return gpg_error_from_syserror ();
         }
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 8a0b940ce..b7cdb24c9 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1997,6 +1997,38 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
   uri_item_t item;
 
   *r_item = NULL;
+
+  /* We used to have DNS CNAME redirection from the URLs below to
+   * sks-keyserver. pools.  The idea was to allow for a quick way to
+   * switch to a different set of pools.  The problem with that
+   * approach is that TLS needs to verify the hostname and - because
+   * DNS is not secured - it can only check the user supplied hostname
+   * and not a hostname from a CNAME RR.  Thus the final server all
+   * need to have certificates with the actual pool name as well as
+   * for keys.gnupg.net - that would render the advantage of
+   * keys.gnupg.net useless and so we better give up on this.  Because
+   * the keys.gnupg.net URL are still in widespread use we do a static
+   * mapping here.
+   */
+  if (!strcmp (uri, "hkps://keys.gnupg.net")
+      || !strcmp (uri, "keys.gnupg.net"))
+    uri = "hkps://hkps.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "https://keys.gnupg.net"))
+    uri = "https://hkps.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "hkp://keys.gnupg.net"))
+    uri = "hkp://hkps.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "http://keys.gnupg.net"))
+    uri = "http://hkps.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "hkps://http-keys.gnupg.net")
+           || !strcmp (uri, "http-keys.gnupg.net"))
+    uri = "hkps://ha.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "https://http-keys.gnupg.net"))
+    uri = "https://ha.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "hkp://http-keys.gnupg.net"))
+    uri = "hkp://ha.pool.sks-keyservers.net";
+  else if (!strcmp (uri, "http://http-keys.gnupg.net"))
+    uri = "http://ha.pool.sks-keyservers.net";
+
   item = xtrymalloc (sizeof *item + strlen (uri));
   if (!item)
     return gpg_error_from_syserror ();
-- 
cgit v1.2.3


From 5789afc840cf79ba2a8cebd9d772ef9c3868c5e9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 26 Apr 2018 12:39:59 +0200
Subject: dirmngr: Lower the dead host resurrection time to 1.5h

* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
for development.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 NEWS                    | 2 ++
 dirmngr/ks-engine-hkp.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index ca84e2089..e5f088b18 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,8 @@ Noteworthy changes in version 2.2.7 (unreleased)
   * dirmngr: Fix a CNAME problem with pools and TLS.  Also use a fixed
     mapping of keys.gnupg.net to sks-keyservers.net.  [#3755]
 
+  * dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
+
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
 ------------------------------------------------
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index eba7a1a48..32840e68e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -55,7 +55,7 @@
 
 
 /* Number of seconds after a host is marked as resurrected.  */
-#define RESURRECT_INTERVAL  (3600*3)  /* 3 hours */
+#define RESURRECT_INTERVAL  (3600+1800)  /* 1.5 hours */
 
 /* To match the behaviour of our old gpgkeys helper code we escape
    more characters than actually needed. */
@@ -110,7 +110,7 @@ static hostinfo_t *hosttable;
 static int hosttable_size;
 
 /* The number of host slots we initially allocate for HOSTTABLE.  */
-#define INITIAL_HOSTTABLE_SIZE 10
+#define INITIAL_HOSTTABLE_SIZE 50
 
 
 /* Create a new hostinfo object, fill in NAME and put it into
-- 
cgit v1.2.3


From d22506a343cec61b7d1a48c970b63a8458b267ab Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 27 Apr 2018 11:57:08 +0200
Subject: dirmngr: Silence log output from dirmngr_ldap.

* dirmngr/dirmngr_ldap.c: Remove assert.h.
(main): Replace assert by log_assert.
* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
verbose options to dirmngr_ldap.
(start_cert_fetch_ldap): Ditto.
--

verbose is a pretty common option in dirmngr.conf and it would clutter
the logs with output from dirmngr_ldap.  Now we require DBG_EXTPROG
or DBG_LOOKUP to make dirmngr_ldap more verbose.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/dirmngr.c      |  3 ++-
 dirmngr/dirmngr_ldap.c |  3 +--
 dirmngr/ldap.c         | 12 ++++++++++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 17adae2f4..31f8e0f46 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -2235,7 +2235,8 @@ handle_connections (assuan_fd_t listen_fd)
       npth_timersub (&abstime, &curtime, &timeout);
 
 #ifndef HAVE_W32_SYSTEM
-      ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
+      ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
+                          npth_sigev_sigmask());
       saved_errno = errno;
 
       while (npth_sigev_get_pending(&signo))
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index 5be4e5814..e05c77925 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -29,7 +29,6 @@
 # include <signal.h>
 #endif
 #include <errno.h>
-#include <assert.h>
 #include <sys/time.h>
 #include <unistd.h>
 #ifndef USE_LDAPWRAPPER
@@ -343,7 +342,7 @@ ldap_wrapper_main (char **argv, estream_t outstream)
     usage (1);
 #else
   /* All passed arguments should be fine in this case.  */
-  assert (argc);
+  log_assert (argc);
 #endif
 
 #ifdef USE_LDAPWRAPPER
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index adf83071e..cb3c0b763 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -136,8 +136,12 @@ run_ldap_wrapper (ctrl_t ctrl,
       argv[argc++] = "--pass";
       argv[argc++] = pass;
     }
-  if (opt.verbose)
+
+  if (DBG_LOOKUP)
     argv[argc++] = "-vv";
+  else if (DBG_EXTPROG)
+    argv[argc++] = "-v";
+
   argv[argc++] = "--log-with-pid";
   if (multi_mode)
     argv[argc++] = "--multi";
@@ -564,8 +568,12 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
       argv[argc++] = "--pass";
       argv[argc++] = pass;
     }
-  if (opt.verbose)
+
+  if (DBG_LOOKUP)
     argv[argc++] = "-vv";
+  else if (DBG_EXTPROG)
+    argv[argc++] = "-v";
+
   argv[argc++] = "--log-with-pid";
   argv[argc++] = "--multi";
   if (opt.ldaptimeout)
-- 
cgit v1.2.3


From f9fbfc64e402bd41815a68426f55565fa6d5c726 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 27 Apr 2018 12:03:41 +0200
Subject: dirmngr: Use the LDAP wrapper process also for Windows.

* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--

Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows.  Our long term use of the old Window CE wrapper
thing didn't fixed this either.  The new code uses the portable
es_poll function and thus code which is tested at several other
places.  It Should(tm) fix the Windows issues.

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 configure.ac              |   1 -
 dirmngr/ldap-wrapper-ce.c |   1 +
 dirmngr/ldap-wrapper.c    | 422 ++++++++++++++++++++++++++--------------------
 3 files changed, 237 insertions(+), 187 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7b373a447..f2814dd1d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -653,7 +653,6 @@ case "${host}" in
         have_dosish_system=yes
         have_w32_system=yes
         require_iconv=no
-        use_ldapwrapper=no  # Fixme: Do this only for CE.
         require_pipe_to_unblock_pselect=no
         case "${host}" in
           *-mingw32ce*)
diff --git a/dirmngr/ldap-wrapper-ce.c b/dirmngr/ldap-wrapper-ce.c
index 01f8f647e..884bb325d 100644
--- a/dirmngr/ldap-wrapper-ce.c
+++ b/dirmngr/ldap-wrapper-ce.c
@@ -45,6 +45,7 @@
 #ifdef USE_LDAPWRAPPER
 # error This module is not expected to be build.
 #endif
+#error This module might not anymore work.
 
 
 
diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index 8b53bd60f..7fb8618dc 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -1,5 +1,5 @@
 /* ldap-wrapper.c - LDAP access via a wrapper process
- * Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
+ * Copyright (C) 2004, 2005, 2007, 2008, 2018 g10 Code GmbH
  * Copyright (C) 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -19,31 +19,34 @@
  */
 
 /*
-   We can't use LDAP directly for these reasons:
-
-   1. On some systems the LDAP library uses (indirectly) pthreads and
-      that is not compatible with PTh.
-
-   2. It is huge library in particular if TLS comes into play.  So
-      problems with unfreed memory might turn up and we don't want
-      this in a long running daemon.
-
-   3. There is no easy way for timeouts. In particular the timeout
-      value does not work for DNS lookups (well, this is usual) and it
-      seems not to work while loading a large attribute like a
-      CRL. Having a separate process allows us to either tell the
-      process to commit suicide or have our own housekepping function
-      kill it after some time.  The latter also allows proper
-      cancellation of a query at any point of time.
-
-   4. Given that we are going out to the network and usually get back
-      a long response, the fork/exec overhead is acceptable.
-
-   Note that under WindowsCE the number of processes is strongly
-   limited (32 processes including the kernel processes) and thus we
-   don't use the process approach but implement a different wrapper in
-   ldap-wrapper-ce.c.
-*/
+ * We can't use LDAP directly for these reasons:
+ *
+ * 1. On some systems the LDAP library uses (indirectly) pthreads and
+ *    that is not compatible with GNU Pth.  Since 2.1 we use nPth
+ *    instead of GNU Pth which does not have this problem anymore
+ *    because it will use pthreads if the platform supports it.  Thus
+ *    this was a historical reasons.
+ *
+ * 2. It is huge library in particular if TLS comes into play.  So
+ *    problems with unfreed memory might turn up and we don't want
+ *    this in a long running daemon.
+ *
+ * 3. There is no easy way for timeouts. In particular the timeout
+ *    value does not work for DNS lookups (well, this is usual) and it
+ *    seems not to work while loading a large attribute like a
+ *    CRL. Having a separate process allows us to either tell the
+ *    process to commit suicide or have our own housekepping function
+ *    kill it after some time.  The latter also allows proper
+ *    cancellation of a query at any point of time.
+ *
+ * 4. Given that we are going out to the network and usually get back
+ *    a long response, the fork/exec overhead is acceptable.
+ *
+ * Note that under WindowsCE the number of processes is strongly
+ * limited (32 processes including the kernel processes) and thus we
+ * don't use the process approach but implement a different wrapper in
+ * ldap-wrapper-ce.c.
+ */
 
 
 #include <config.h>
@@ -89,20 +92,21 @@ struct wrapper_context_s
 {
   struct wrapper_context_s *next;
 
-  pid_t pid;    /* The pid of the wrapper process. */
-  int printable_pid; /* Helper to print diagnostics after the process has
-                        been cleaned up. */
-  int fd;       /* Connected with stdout of the ldap wrapper.  */
-  gpg_error_t fd_error; /* Set to the gpg_error of the last read error
-                           if any.  */
-  int log_fd;   /* Connected with stderr of the ldap wrapper.  */
-  ctrl_t ctrl;  /* Connection data. */
-  int ready;    /* Internally used to mark to be removed contexts. */
-  ksba_reader_t reader; /* The ksba reader object or NULL. */
-  char *line;     /* Used to print the log lines (malloced). */
-  size_t linesize;/* Allocated size of LINE.  */
-  size_t linelen; /* Use size of LINE.  */
-  time_t stamp;   /* The last time we noticed ativity.  */
+  pid_t pid;           /* The pid of the wrapper process. */
+  int printable_pid;   /* Helper to print diagnostics after the process has
+                        * been cleaned up. */
+  estream_t fp;        /* Connected with stdout of the ldap wrapper.  */
+  gpg_error_t fp_err;  /* Set to the gpg_error of the last read error
+                        * if any.  */
+  estream_t log_fp;    /* Connected with stderr of the ldap wrapper.  */
+  ctrl_t ctrl;         /* Connection data. */
+  int ready;           /* Internally used to mark to be removed contexts. */
+  ksba_reader_t reader;/* The ksba reader object or NULL. */
+  char *line;          /* Used to print the log lines (malloced). */
+  size_t linesize;     /* Allocated size of LINE.  */
+  size_t linelen;      /* Use size of LINE.  */
+  time_t stamp;        /* The last time we noticed ativity.  */
+  int reaper_idx;      /* Private to ldap_wrapper_thread.   */
 };
 
 
@@ -115,9 +119,9 @@ static struct wrapper_context_s *wrapper_list;
 /* We need to know whether we are shutting down the process.  */
 static int shutting_down;
 
-/* Close the pth file descriptor FD and set it to -1.  */
-#define SAFE_CLOSE(fd) \
-  do { int _fd = fd; if (_fd != -1) { close (_fd); fd = -1;} } while (0)
+/* Close the estream fp and set it to NULL.  */
+#define SAFE_CLOSE(fp) \
+  do { estream_t _fp = fp; es_fclose (_fp); fp = NULL; } while (0)
 
 
 
@@ -151,8 +155,8 @@ destroy_wrapper (struct wrapper_context_s *ctx)
       gnupg_release_process (ctx->pid);
     }
   ksba_reader_release (ctx->reader);
-  SAFE_CLOSE (ctx->fd);
-  SAFE_CLOSE (ctx->log_fd);
+  SAFE_CLOSE (ctx->fp);
+  SAFE_CLOSE (ctx->log_fp);
   xfree (ctx->line);
   xfree (ctx);
 }
@@ -218,25 +222,22 @@ print_log_line (struct wrapper_context_s *ctx, char *line)
 
 
 /* Read data from the log stream.  Returns true if the log stream
-   indicated EOF or error.  */
+ * indicated EOF or error.  */
 static int
 read_log_data (struct wrapper_context_s *ctx)
 {
-  int n;
+  int rc;
+  size_t n;
   char line[256];
 
-  /* We must use the npth_read function for pipes, always.  */
-  do
-    n = npth_read (ctx->log_fd, line, sizeof line - 1);
-  while (n < 0 && errno == EINTR);
-
-  if (n <= 0) /* EOF or error. */
+  rc = es_read (ctx->log_fp, line, sizeof line - 1, &n);
+  if (rc || !n)  /* Error or EOF.  */
     {
-      if (n < 0)
+      if (rc)
         log_error (_("error reading log from ldap wrapper %d: %s\n"),
                    (int)ctx->pid, strerror (errno));
-      print_log_line (ctx, NULL);
-      SAFE_CLOSE (ctx->log_fd);
+      print_log_line (ctx, NULL);  /* Flush.  */
+      SAFE_CLOSE (ctx->log_fp);
       return 1;
     }
 
@@ -253,13 +254,16 @@ read_log_data (struct wrapper_context_s *ctx)
 void *
 ldap_wrapper_thread (void *dummy)
 {
-  int nfds;
+  gpg_error_t err;
   struct wrapper_context_s *ctx;
   struct wrapper_context_s *ctx_prev;
   struct timespec abstime;
   struct timespec curtime;
   struct timespec timeout;
-  fd_set fdset;
+  int millisecs;
+  gpgrt_poll_t *fparray = NULL;
+  int fparraysize = 0;
+  int count;
   int ret;
   time_t exptime;
 
@@ -268,6 +272,11 @@ ldap_wrapper_thread (void *dummy)
   npth_clock_gettime (&abstime);
   abstime.tv_sec += TIMERTICK_INTERVAL;
 
+  /* FIXME: When we are idle (i.e. !COUNT) we should not use the
+   * TIMERTICK_INTERVAL but wait on a mutex to avoid unnecessary
+   * wakeups.  */
+
+ restart:
   for (;;)
     {
       int any_action = 0;
@@ -280,34 +289,89 @@ ldap_wrapper_thread (void *dummy)
 	  abstime.tv_sec += TIMERTICK_INTERVAL;
 	}
       npth_timersub (&abstime, &curtime, &timeout);
-
-      FD_ZERO (&fdset);
-      nfds = -1;
-      for (ctx = wrapper_list; ctx; ctx = ctx->next)
+      millisecs = timeout.tv_sec * 1000;
+      millisecs += timeout.tv_nsec / 1000000;
+      if (millisecs < 0)
+        millisecs = 1;
+
+      /* Setup FPARRAY.  */
+      for (count = 0, ctx = wrapper_list; ctx; ctx = ctx->next)
+        if (ctx->log_fp)
+          count++;
+      if (DBG_EXTPROG)
+        log_debug ("ldap-reaper: next run (count=%d size=%d, timeout=%d)\n",
+                   count, fparraysize, millisecs);
+      if (count > fparraysize || !fparray)
         {
-          if (ctx->log_fd != -1)
+          /* Need to realloc the array.  We simply discard it and
+           * replace it by a new one.  */
+          xfree (fparray);
+          fparray = xtrycalloc (count? count : 1, sizeof *fparray);
+          if (!fparray)
             {
-              FD_SET (ctx->log_fd, &fdset);
-              if (ctx->log_fd > nfds)
-                nfds = ctx->log_fd;
+              err = gpg_error_from_syserror ();
+              log_error ("ldap-reaper can't allocate poll array: %s"
+                         " - waiting 1s\n", gpg_strerror (err));
+              npth_sleep (1);
+              continue;
             }
+          fparraysize = count;
         }
-      nfds++;
-
-      /* FIXME: For Windows, we have to use a reader thread on the
-	 pipe that signals an event (and a npth_select_ev variant).  */
-      ret = npth_pselect (nfds + 1, &fdset, NULL, NULL, &timeout, NULL);
-      if (ret == -1)
-	{
-          if (errno != EINTR)
+      for (count = 0, ctx = wrapper_list; ctx; ctx = ctx->next)
+        {
+          if (ctx->log_fp)
             {
-              log_error (_("npth_select failed: %s - waiting 1s\n"),
-                         strerror (errno));
-              npth_sleep (1);
+              if (count > fparraysize)
+                {
+                  /* Another thread added more items to WRAPPER_LIST.
+                   * Note that the calloc above is a system call and
+                   * thus may caused a context switch. */
+                  goto restart;
+                }
+              fparray[count].stream = ctx->log_fp;
+              fparray[count].want_read = 1;
+              fparray[count].ignore = 0;
+              ctx->reaper_idx = count;
+              count++;
             }
+          else
+            ctx->reaper_idx = -1;
+        }
+      for (; count < fparraysize; count++)
+        fparray[count].ignore = 1;
+
+      if (DBG_EXTPROG)
+        {
+          for (count=0; count < fparraysize; count++)
+            if (!fparray[count].ignore)
+              log_debug ("ldap-reaper: fp[%d] stream=%p want=%d\n",
+                         count, fparray[count].stream,fparray[count].want_read);
+        }
+
+      ret = es_poll (fparray, fparraysize, millisecs);
+      if (ret < 0)
+	{
+          err = gpg_error_from_syserror ();
+          log_error ("ldap-reaper failed to poll: %s"
+                     " - waiting 1s\n", gpg_strerror (err));
+          /* In case the reason for the error is a too large array, we
+           * release it so that it will be allocated smaller in the
+           * next round.  */
+          xfree (fparray);
+          fparray = NULL;
+          fparraysize = 0;
+          npth_sleep (1);
           continue;
 	}
 
+      if (DBG_EXTPROG)
+        {
+          for (count=0; count < fparraysize; count++)
+            if (!fparray[count].ignore)
+              log_debug ("ldap-reaper: fp[%d] stream=%p got=%d\n",
+                         count, fparray[count].stream, fparray[count].got_read);
+        }
+
       /* All timestamps before exptime should be considered expired.  */
       exptime = time (NULL);
       if (exptime > INACTIVITY_TIMEOUT)
@@ -316,31 +380,36 @@ ldap_wrapper_thread (void *dummy)
       /* Note that there is no need to lock the list because we always
          add entries at the head (with a pending event status) and
          thus traversing the list will even work if we have a context
-         switch in waitpid (which should anyway only happen with Pth's
-         hard system call mapping).  */
+         switch in waitpid.  */
       for (ctx = wrapper_list; ctx; ctx = ctx->next)
         {
-          /* Check whether there is any logging to be done. */
-          if (nfds && ctx->log_fd != -1 && FD_ISSET (ctx->log_fd, &fdset))
+          /* Check whether there is any logging to be done.  We need
+           * to check FPARRAYSIZE because it can be 0 in case es_poll
+           * returned a timeout.  */
+          if (fparraysize && ctx->log_fp && ctx->reaper_idx >= 0)
             {
-              if (read_log_data (ctx))
+              log_assert (ctx->reaper_idx < fparraysize);
+              if (fparray[ctx->reaper_idx].got_read)
                 {
-                  SAFE_CLOSE (ctx->log_fd);
-                  any_action = 1;
+                  if (read_log_data (ctx))
+                    {
+                      SAFE_CLOSE (ctx->log_fp);
+                      any_action = 1;
+                    }
                 }
             }
 
           /* Check whether the process is still running.  */
           if (ctx->pid != (pid_t)(-1))
             {
-              gpg_error_t err;
 	      int status;
 
 	      err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
                                         &status);
               if (!err)
                 {
-		  log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
+                  if (DBG_EXTPROG)
+                    log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
                   ctx->ready = 1;
 		  gnupg_release_process (ctx->pid);
                   ctx->pid = (pid_t)(-1);
@@ -375,9 +444,9 @@ ldap_wrapper_thread (void *dummy)
               ctx->stamp = (time_t)(-1);
               log_info (_("ldap wrapper %d stalled - killing\n"),
                         (int)ctx->pid);
-              /* We need to close the log fd because the cleanup loop
-                 waits for it.  */
-              SAFE_CLOSE (ctx->log_fd);
+              /* We need to close the log stream because the cleanup
+               * loop waits for it.  */
+              SAFE_CLOSE (ctx->log_fp);
               any_action = 1;
             }
         }
@@ -385,26 +454,27 @@ ldap_wrapper_thread (void *dummy)
       /* If something has been printed to the log file or we got an
          EOF from a wrapper, we now print the list of active
          wrappers.  */
-      if (any_action && DBG_LOOKUP)
+      if (any_action && DBG_EXTPROG)
         {
-          log_info ("ldap worker stati:\n");
+          log_debug ("ldap worker stati:\n");
           for (ctx = wrapper_list; ctx; ctx = ctx->next)
-            log_info ("  c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n",
-                      ctx,
-                      (int)ctx->pid, (int)ctx->printable_pid,
-                      ctx->reader,
-                      ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
-                      (unsigned long)ctx->stamp, ctx->ready);
+            log_debug ("  c=%p pid=%d/%d rdr=%p logfp=%p"
+                       " ctrl=%p/%d la=%lu rdy=%d\n",
+                       ctx,
+                       (int)ctx->pid, (int)ctx->printable_pid,
+                       ctx->reader, ctx->log_fp,
+                       ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
+                       (unsigned long)ctx->stamp, ctx->ready);
         }
 
 
-      /* Use a separate loop to check whether ready marked wrappers
-         may be removed.  We may only do so if the ksba reader object
-         is not anymore in use or we are in shutdown state.  */
+      /* Use an extra loop to check whether ready marked wrappers may
+       * be removed.  We may only do so if the ksba reader object is
+       * not anymore in use or we are in shutdown state.  */
      again:
       for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
         if (ctx->ready
-            && ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
+            && ((!ctx->log_fp && !ctx->reader) || shutting_down))
           {
             if (ctx_prev)
               ctx_prev->next = ctx->next;
@@ -412,7 +482,7 @@ ldap_wrapper_thread (void *dummy)
               wrapper_list = ctx->next;
             destroy_wrapper (ctx);
             /* We need to restart because destroy_wrapper might have
-               done a context switch. */
+             * done a context switch. */
             goto again;
           }
     }
@@ -451,8 +521,6 @@ ldap_wrapper_launch_thread (void)
 
 
 
-
-
 /* Wait until all ldap wrappers have terminated.  We assume that the
    kill has already been sent to all of them.  */
 void
@@ -478,23 +546,23 @@ ldap_wrapper_release_context (ksba_reader_t reader)
   for (ctx=wrapper_list; ctx; ctx=ctx->next)
     if (ctx->reader == reader)
       {
-        if (DBG_LOOKUP)
-          log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
+        if (DBG_EXTPROG)
+          log_debug ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
                     ctx,
                     (int)ctx->pid, (int)ctx->printable_pid,
                     ctx->reader,
                     ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
 
         ctx->reader = NULL;
-        SAFE_CLOSE (ctx->fd);
+        SAFE_CLOSE (ctx->fp);
         if (ctx->ctrl)
           {
             ctx->ctrl->refcount--;
             ctx->ctrl = NULL;
           }
-        if (ctx->fd_error)
+        if (ctx->fp_err)
           log_info (_("reading from ldap wrapper %d failed: %s\n"),
-                    ctx->printable_pid, gpg_strerror (ctx->fd_error));
+                    ctx->printable_pid, gpg_strerror (ctx->fp_err));
         break;
       }
 }
@@ -513,34 +581,34 @@ ldap_wrapper_connection_cleanup (ctrl_t ctrl)
         ctx->ctrl = NULL;
         if (ctx->pid != (pid_t)(-1))
           gnupg_kill_process (ctx->pid);
-        if (ctx->fd_error)
+        if (ctx->fp_err)
           log_info (_("reading from ldap wrapper %d failed: %s\n"),
-                    ctx->printable_pid, gpg_strerror (ctx->fd_error));
+                    ctx->printable_pid, gpg_strerror (ctx->fp_err));
       }
 }
 
 
 /* This is the callback used by the ldap wrapper to feed the ksba
-   reader with the wrappers stdout.  See the description of
-   ksba_reader_set_cb for details.  */
+ * reader with the wrapper's stdout.  See the description of
+ * ksba_reader_set_cb for details.  */
 static int
 reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
 {
   struct wrapper_context_s *ctx = cb_value;
   size_t nleft = count;
-  int nfds;
   struct timespec abstime;
   struct timespec curtime;
   struct timespec timeout;
-  int saved_errno;
-  fd_set fdset, read_fdset;
+  int millisecs;
+  gpgrt_poll_t fparray[1];
   int ret;
+  gpg_error_t err;
+
 
   /* FIXME: We might want to add some internal buffering because the
      ksba code does not do any buffering for itself (because a ksba
      reader may be detached from another stream to read other data and
-     the it would be cumbersome to get back already buffered
-     stuff).  */
+     then it would be cumbersome to get back already buffered stuff).  */
 
   if (!buffer && !count && !nread)
     return -1; /* Rewind is not supported. */
@@ -548,81 +616,83 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
   /* If we ever encountered a read error, don't continue (we don't want to
      possibly overwrite the last error cause).  Bail out also if the
      file descriptor has been closed. */
-  if (ctx->fd_error || ctx->fd == -1)
+  if (ctx->fp_err || !ctx->fp)
     {
       *nread = 0;
       return -1;
     }
 
-  FD_ZERO (&fdset);
-  FD_SET (ctx->fd, &fdset);
-  nfds = ctx->fd + 1;
+  memset (fparray, 0, sizeof fparray);
+  fparray[0].stream = ctx->fp;
+  fparray[0].want_read = 1;
 
   npth_clock_gettime (&abstime);
   abstime.tv_sec += TIMERTICK_INTERVAL;
 
   while (nleft > 0)
     {
-      int n;
-      gpg_error_t err;
-
       npth_clock_gettime (&curtime);
       if (!(npth_timercmp (&curtime, &abstime, <)))
 	{
 	  err = dirmngr_tick (ctx->ctrl);
           if (err)
             {
-              ctx->fd_error = err;
-              SAFE_CLOSE (ctx->fd);
+              ctx->fp_err = err;
+              SAFE_CLOSE (ctx->fp);
               return -1;
             }
 	  npth_clock_gettime (&abstime);
 	  abstime.tv_sec += TIMERTICK_INTERVAL;
 	}
       npth_timersub (&abstime, &curtime, &timeout);
+      millisecs = timeout.tv_sec * 1000;
+      millisecs += timeout.tv_nsec / 1000000;
+      if (millisecs < 0)
+        millisecs = 1;
 
-      read_fdset = fdset;
-      ret = npth_pselect (nfds, &read_fdset, NULL, NULL, &timeout, NULL);
-      saved_errno = errno;
-
-      if (ret == -1 && saved_errno != EINTR)
+      ret = es_poll (fparray, DIM (fparray), millisecs);
+      if (ret < 0)
 	{
-          ctx->fd_error = gpg_error_from_errno (errno);
-          SAFE_CLOSE (ctx->fd);
+          ctx->fp_err = gpg_error_from_syserror ();
+          log_error ("error polling stdout of ldap wrapper %d: %s\n",
+                     ctx->printable_pid, gpg_strerror (ctx->fp_err));
+          SAFE_CLOSE (ctx->fp);
           return -1;
         }
-      if (ret <= 0)
-	/* Timeout.  Will be handled when calculating the next timeout.  */
-	continue;
-
-      /* This should not block now that select returned with a file
-	 descriptor.  So it shouldn't be necessary to use npth_read
-	 (and it is slightly dangerous in the sense that a concurrent
-	 thread might (accidentially?) change the status of ctx->fd
-	 before we read.  FIXME: Set ctx->fd to nonblocking?  */
-      n = read (ctx->fd, buffer, nleft);
-      if (n < 0)
+      if (!ret)
         {
-          ctx->fd_error = gpg_error_from_errno (errno);
-          SAFE_CLOSE (ctx->fd);
-          return -1;
+          /* Timeout.  Will be handled when calculating the next timeout.  */
+          continue;
         }
-      else if (!n)
+
+      if (fparray[0].got_read)
         {
-          if (nleft == count)
-	    return -1; /* EOF. */
-          break;
+          size_t n;
+
+          if (es_read (ctx->fp, buffer, nleft, &n))
+            {
+              ctx->fp_err = gpg_error_from_syserror ();
+              SAFE_CLOSE (ctx->fp);
+              return -1;
+            }
+          else if (!n) /* EOF */
+            {
+              if (nleft == count)
+                return -1; /* EOF. */
+              break;
+            }
+          nleft -= n;
+          buffer += n;
+          if (n > 0 && ctx->stamp != (time_t)(-1))
+            ctx->stamp = time (NULL);
         }
-      nleft -= n;
-      buffer += n;
-      if (n > 0 && ctx->stamp != (time_t)(-1))
-        ctx->stamp = time (NULL);
     }
   *nread = count - nleft;
 
   return 0;
 }
 
+
 /* Fork and exec the LDAP wrapper and return a new libksba reader
    object at READER.  ARGV is a NULL terminated list of arguments for
    the wrapper.  The function returns 0 on success or an error code.
@@ -646,7 +716,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
   int j;
   const char **arg_list;
   const char *pgmname;
-  int outpipe[2], errpipe[2];
+  estream_t outfp, errfp;
 
   /* It would be too simple to connect stderr just to our logging
      stream.  The problem is that if we are running multi-threaded
@@ -696,41 +766,21 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
       return err;
     }
 
-  err = gnupg_create_inbound_pipe (outpipe, NULL, 0);
-  if (!err)
-    {
-      err = gnupg_create_inbound_pipe (errpipe, NULL, 0);
-      if (err)
-        {
-          close (outpipe[0]);
-          close (outpipe[1]);
-        }
-    }
-  if (err)
-    {
-      log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
-      xfree (arg_list);
-      xfree (ctx);
-      return err;
-    }
-
-  err = gnupg_spawn_process_fd (pgmname, arg_list,
-                                -1, outpipe[1], errpipe[1], &pid);
+  err = gnupg_spawn_process (pgmname, arg_list,
+                             NULL, NULL, GNUPG_SPAWN_NONBLOCK,
+                             NULL, &outfp, &errfp, &pid);
   xfree (arg_list);
-  close (outpipe[1]);
-  close (errpipe[1]);
   if (err)
     {
-      close (outpipe[0]);
-      close (errpipe[0]);
       xfree (ctx);
+      log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
       return err;
     }
 
   ctx->pid = pid;
   ctx->printable_pid = (int) pid;
-  ctx->fd = outpipe[0];
-  ctx->log_fd = errpipe[0];
+  ctx->fp = outfp;
+  ctx->log_fp = errfp;
   ctx->ctrl = ctrl;
   ctrl->refcount++;
   ctx->stamp = time (NULL);
@@ -752,9 +802,9 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
   ctx->reader = *reader;
   ctx->next = wrapper_list;
   wrapper_list = ctx;
-  if (opt.verbose)
-    log_info ("ldap wrapper %d started (reader %p)\n",
-              (int)ctx->pid, ctx->reader);
+  if (DBG_EXTPROG)
+    log_debug ("ldap wrapper %d started (%p, %s)\n",
+               (int)ctx->pid, ctx->reader, pgmname);
 
   /* Need to wait for the first byte so we are able to detect an empty
      output and not let the consumer see an EOF without further error
-- 
cgit v1.2.3


From a598bbeeafa30f7854230eed212b76d5c5c77f86 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 27 Apr 2018 15:20:45 +0200
Subject: dirmngr: Sleep in the ldap wrapper thread.

* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex.  Use
a condition var to wake up the reaper thread.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/ldap-wrapper.c | 523 +++++++++++++++++++++++++++++--------------------
 1 file changed, 311 insertions(+), 212 deletions(-)

diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index 7fb8618dc..d01c4808e 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -111,14 +111,20 @@ struct wrapper_context_s
 
 
 
-/* We keep a global list of spawned wrapper process.  A separate thread
-   makes use of this list to log error messages and to watch out for
-   finished processes. */
-static struct wrapper_context_s *wrapper_list;
+/* We keep a global list of spawned wrapper process.  A separate
+ * thread makes use of this list to log error messages and to watch
+ * out for finished processes.  Access to list is protected by a
+ * mutex.  The condition variable is used to wakeup the reaper
+ * thread.  */
+static struct wrapper_context_s *reaper_list;
+static npth_mutex_t reaper_list_mutex = NPTH_MUTEX_INITIALIZER;
+static npth_cond_t  reaper_run_cond  = NPTH_COND_INITIALIZER;
 
 /* We need to know whether we are shutting down the process.  */
 static int shutting_down;
 
+
+
 /* Close the estream fp and set it to NULL.  */
 #define SAFE_CLOSE(fp) \
   do { estream_t _fp = fp; es_fclose (_fp); fp = NULL; } while (0)
@@ -126,6 +132,26 @@ static int shutting_down;
 
 
 
+
+static void
+lock_reaper_list (void)
+{
+  if (npth_mutex_lock (&reaper_list_mutex))
+    log_fatal ("%s: failed to acquire mutex: %s\n", __func__,
+               gpg_strerror (gpg_error_from_syserror ()));
+}
+
+
+static void
+unlock_reaper_list (void)
+{
+  if (npth_mutex_unlock (&reaper_list_mutex))
+    log_fatal ("%s: failed to release mutex: %s\n", __func__,
+               gpg_strerror (gpg_error_from_syserror ()));
+}
+
+
+
 /* Read a fixed amount of data from READER into BUFFER.  */
 static gpg_error_t
 read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
@@ -234,8 +260,13 @@ read_log_data (struct wrapper_context_s *ctx)
   if (rc || !n)  /* Error or EOF.  */
     {
       if (rc)
-        log_error (_("error reading log from ldap wrapper %d: %s\n"),
-                   (int)ctx->pid, strerror (errno));
+        {
+          gpg_error_t err = gpg_error_from_syserror ();
+          if (gpg_err_code (err) == GPG_ERR_EAGAIN)
+            return 0;
+          log_error (_("error reading log from ldap wrapper %d: %s\n"),
+                     (int)ctx->pid, gpg_strerror (err));
+        }
       print_log_line (ctx, NULL);  /* Flush.  */
       SAFE_CLOSE (ctx->log_fp);
       return 1;
@@ -252,7 +283,7 @@ read_log_data (struct wrapper_context_s *ctx)
 /* This function is run by a separate thread to maintain the list of
    wrappers and to log error messages from these wrappers.  */
 void *
-ldap_wrapper_thread (void *dummy)
+ldap_reaper_thread (void *dummy)
 {
   gpg_error_t err;
   struct wrapper_context_s *ctx;
@@ -263,7 +294,7 @@ ldap_wrapper_thread (void *dummy)
   int millisecs;
   gpgrt_poll_t *fparray = NULL;
   int fparraysize = 0;
-  int count;
+  int count, i;
   int ret;
   time_t exptime;
 
@@ -272,15 +303,65 @@ ldap_wrapper_thread (void *dummy)
   npth_clock_gettime (&abstime);
   abstime.tv_sec += TIMERTICK_INTERVAL;
 
-  /* FIXME: When we are idle (i.e. !COUNT) we should not use the
-   * TIMERTICK_INTERVAL but wait on a mutex to avoid unnecessary
-   * wakeups.  */
-
- restart:
   for (;;)
     {
       int any_action = 0;
 
+      /* Wait until we are needed and then setup the FPARRAY.  */
+      /* Note: There is one unlock inside the block!  */
+      lock_reaper_list ();
+      {
+        while (!reaper_list && !shutting_down)
+          {
+            if (npth_cond_wait (&reaper_run_cond, &reaper_list_mutex))
+              log_error ("ldap-reaper: waiting on condition failed: %s\n",
+                         gpg_strerror (gpg_error_from_syserror ()));
+          }
+
+        for (count = 0, ctx = reaper_list; ctx; ctx = ctx->next)
+          if (ctx->log_fp)
+            count++;
+        if (count > fparraysize || !fparray)
+          {
+            /* Need to realloc the array.  We simply discard it and
+             * replace it by a new one.  */
+            xfree (fparray);
+            fparray = xtrycalloc (count? count : 1, sizeof *fparray);
+            if (!fparray)
+              {
+                err = gpg_error_from_syserror ();
+                log_error ("ldap-reaper can't allocate poll array: %s"
+                           " - waiting 1s\n", gpg_strerror (err));
+                /* Note: Here we unlock and continue! */
+                unlock_reaper_list ();
+                npth_sleep (1);
+                continue;
+            }
+            fparraysize = count;
+          }
+        for (count = 0, ctx = reaper_list; ctx; ctx = ctx->next)
+          {
+            if (ctx->log_fp)
+              {
+                log_assert (count < fparraysize);
+                fparray[count].stream = ctx->log_fp;
+                fparray[count].want_read = 1;
+                fparray[count].ignore = 0;
+                ctx->reaper_idx = count;
+                count++;
+              }
+            else
+              {
+                ctx->reaper_idx = -1;
+                fparray[count].ignore = 1;
+              }
+          }
+        for (i=count; i < fparraysize; i++)
+          fparray[i].ignore = 1;
+      }
+      unlock_reaper_list (); /* Note the one unlock inside the block.  */
+
+      /* Compute the next timeout.  */
       npth_clock_gettime (&curtime);
       if (!(npth_timercmp (&curtime, &abstime, <)))
 	{
@@ -294,54 +375,10 @@ ldap_wrapper_thread (void *dummy)
       if (millisecs < 0)
         millisecs = 1;
 
-      /* Setup FPARRAY.  */
-      for (count = 0, ctx = wrapper_list; ctx; ctx = ctx->next)
-        if (ctx->log_fp)
-          count++;
-      if (DBG_EXTPROG)
-        log_debug ("ldap-reaper: next run (count=%d size=%d, timeout=%d)\n",
-                   count, fparraysize, millisecs);
-      if (count > fparraysize || !fparray)
-        {
-          /* Need to realloc the array.  We simply discard it and
-           * replace it by a new one.  */
-          xfree (fparray);
-          fparray = xtrycalloc (count? count : 1, sizeof *fparray);
-          if (!fparray)
-            {
-              err = gpg_error_from_syserror ();
-              log_error ("ldap-reaper can't allocate poll array: %s"
-                         " - waiting 1s\n", gpg_strerror (err));
-              npth_sleep (1);
-              continue;
-            }
-          fparraysize = count;
-        }
-      for (count = 0, ctx = wrapper_list; ctx; ctx = ctx->next)
-        {
-          if (ctx->log_fp)
-            {
-              if (count > fparraysize)
-                {
-                  /* Another thread added more items to WRAPPER_LIST.
-                   * Note that the calloc above is a system call and
-                   * thus may caused a context switch. */
-                  goto restart;
-                }
-              fparray[count].stream = ctx->log_fp;
-              fparray[count].want_read = 1;
-              fparray[count].ignore = 0;
-              ctx->reaper_idx = count;
-              count++;
-            }
-          else
-            ctx->reaper_idx = -1;
-        }
-      for (; count < fparraysize; count++)
-        fparray[count].ignore = 1;
-
       if (DBG_EXTPROG)
         {
+          log_debug ("ldap-reaper: next run (count=%d size=%d, timeout=%d)\n",
+                     count, fparraysize, millisecs);
           for (count=0; count < fparraysize; count++)
             if (!fparray[count].ignore)
               log_debug ("ldap-reaper: fp[%d] stream=%p want=%d\n",
@@ -368,8 +405,15 @@ ldap_wrapper_thread (void *dummy)
         {
           for (count=0; count < fparraysize; count++)
             if (!fparray[count].ignore)
-              log_debug ("ldap-reaper: fp[%d] stream=%p got=%d\n",
-                         count, fparray[count].stream, fparray[count].got_read);
+              log_debug ("ldap-reaper: fp[%d] stream=%p r=%d %c%c%c%c%c%c%c\n",
+                         count, fparray[count].stream, ret,
+                         fparray[count].got_read? 'r':'-',
+                         fparray[count].got_write?'w':'-',
+                         fparray[count].got_oob?  'o':'-',
+                         fparray[count].got_rdhup?'H':'-',
+                         fparray[count].got_err?  'e':'-',
+                         fparray[count].got_hup?  'h':'-',
+                         fparray[count].got_nval? 'n':'-');
         }
 
       /* All timestamps before exptime should be considered expired.  */
@@ -377,115 +421,115 @@ ldap_wrapper_thread (void *dummy)
       if (exptime > INACTIVITY_TIMEOUT)
         exptime -= INACTIVITY_TIMEOUT;
 
-      /* Note that there is no need to lock the list because we always
-         add entries at the head (with a pending event status) and
-         thus traversing the list will even work if we have a context
-         switch in waitpid.  */
-      for (ctx = wrapper_list; ctx; ctx = ctx->next)
-        {
-          /* Check whether there is any logging to be done.  We need
-           * to check FPARRAYSIZE because it can be 0 in case es_poll
-           * returned a timeout.  */
-          if (fparraysize && ctx->log_fp && ctx->reaper_idx >= 0)
-            {
-              log_assert (ctx->reaper_idx < fparraysize);
-              if (fparray[ctx->reaper_idx].got_read)
-                {
-                  if (read_log_data (ctx))
-                    {
-                      SAFE_CLOSE (ctx->log_fp);
-                      any_action = 1;
-                    }
-                }
-            }
-
-          /* Check whether the process is still running.  */
-          if (ctx->pid != (pid_t)(-1))
-            {
-	      int status;
-
-	      err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
-                                        &status);
-              if (!err)
-                {
-                  if (DBG_EXTPROG)
-                    log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
-                  ctx->ready = 1;
-		  gnupg_release_process (ctx->pid);
-                  ctx->pid = (pid_t)(-1);
-                  any_action = 1;
-                }
-              else if (gpg_err_code (err) == GPG_ERR_GENERAL)
-                {
-                  if (status == 10)
-                    log_info (_("ldap wrapper %d ready: timeout\n"),
-                              (int)ctx->pid);
-                  else
-                    log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
-                              (int)ctx->pid, status);
-                  ctx->ready = 1;
-		  gnupg_release_process (ctx->pid);
-                  ctx->pid = (pid_t)(-1);
-                  any_action = 1;
-                }
-              else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
-                {
-                  log_error (_("waiting for ldap wrapper %d failed: %s\n"),
-                             (int)ctx->pid, gpg_strerror (err));
-                  any_action = 1;
-                }
-            }
-
-          /* Check whether we should terminate the process. */
-          if (ctx->pid != (pid_t)(-1)
-              && ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
-            {
-              gnupg_kill_process (ctx->pid);
-              ctx->stamp = (time_t)(-1);
-              log_info (_("ldap wrapper %d stalled - killing\n"),
-                        (int)ctx->pid);
-              /* We need to close the log stream because the cleanup
-               * loop waits for it.  */
-              SAFE_CLOSE (ctx->log_fp);
-              any_action = 1;
-            }
-        }
-
-      /* If something has been printed to the log file or we got an
-         EOF from a wrapper, we now print the list of active
-         wrappers.  */
-      if (any_action && DBG_EXTPROG)
-        {
-          log_debug ("ldap worker stati:\n");
-          for (ctx = wrapper_list; ctx; ctx = ctx->next)
-            log_debug ("  c=%p pid=%d/%d rdr=%p logfp=%p"
-                       " ctrl=%p/%d la=%lu rdy=%d\n",
-                       ctx,
-                       (int)ctx->pid, (int)ctx->printable_pid,
-                       ctx->reader, ctx->log_fp,
-                       ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
-                       (unsigned long)ctx->stamp, ctx->ready);
-        }
+      lock_reaper_list ();
+      {
+        for (ctx = reaper_list; ctx; ctx = ctx->next)
+          {
+            /* Check whether there is any logging to be done.  We need
+             * to check FPARRAYSIZE because it can be 0 in case
+             * es_poll returned a timeout.  */
+            if (fparraysize && ctx->log_fp && ctx->reaper_idx >= 0)
+              {
+                log_assert (ctx->reaper_idx < fparraysize);
+                if (fparray[ctx->reaper_idx].got_read)
+                  {
+                    if (read_log_data (ctx))
+                      {
+                        SAFE_CLOSE (ctx->log_fp);
+                        any_action = 1;
+                      }
+                  }
+              }
+
+            /* Check whether the process is still running.  */
+            if (ctx->pid != (pid_t)(-1))
+              {
+                int status;
+
+                err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
+                                          &status);
+                if (!err)
+                  {
+                    if (DBG_EXTPROG)
+                      log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
+                    ctx->ready = 1;
+                    gnupg_release_process (ctx->pid);
+                    ctx->pid = (pid_t)(-1);
+                    any_action = 1;
+                  }
+                else if (gpg_err_code (err) == GPG_ERR_GENERAL)
+                  {
+                    if (status == 10)
+                      log_info (_("ldap wrapper %d ready: timeout\n"),
+                                (int)ctx->pid);
+                    else
+                      log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
+                                (int)ctx->pid, status);
+                    ctx->ready = 1;
+                    gnupg_release_process (ctx->pid);
+                    ctx->pid = (pid_t)(-1);
+                    any_action = 1;
+                  }
+                else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
+                  {
+                    log_error (_("waiting for ldap wrapper %d failed: %s\n"),
+                               (int)ctx->pid, gpg_strerror (err));
+                    any_action = 1;
+                  }
+              }
+
+            /* Check whether we should terminate the process. */
+            if (ctx->pid != (pid_t)(-1)
+                && ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
+              {
+                gnupg_kill_process (ctx->pid);
+                ctx->stamp = (time_t)(-1);
+                log_info (_("ldap wrapper %d stalled - killing\n"),
+                          (int)ctx->pid);
+                /* We need to close the log stream because the cleanup
+                 * loop waits for it.  */
+                SAFE_CLOSE (ctx->log_fp);
+                any_action = 1;
+              }
+          }
 
+        /* If something has been printed to the log file or we got an
+         * EOF from a wrapper, we now print the list of active
+         * wrappers.  */
+        if (any_action && DBG_EXTPROG)
+          {
+            log_debug ("ldap worker stati:\n");
+            for (ctx = reaper_list; ctx; ctx = ctx->next)
+              log_debug ("  c=%p pid=%d/%d rdr=%p logfp=%p"
+                         " ctrl=%p/%d la=%lu rdy=%d\n",
+                         ctx,
+                         (int)ctx->pid, (int)ctx->printable_pid,
+                         ctx->reader, ctx->log_fp,
+                         ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
+                         (unsigned long)ctx->stamp, ctx->ready);
+          }
 
-      /* Use an extra loop to check whether ready marked wrappers may
-       * be removed.  We may only do so if the ksba reader object is
-       * not anymore in use or we are in shutdown state.  */
-     again:
-      for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
-        if (ctx->ready
-            && ((!ctx->log_fp && !ctx->reader) || shutting_down))
+        /* An extra loop to check whether ready marked wrappers may be
+         * removed.  We may only do so if the ksba reader object is
+         * not anymore in use or we are in shutdown state.  */
+      again:
+        for (ctx_prev=NULL, ctx=reaper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
           {
-            if (ctx_prev)
-              ctx_prev->next = ctx->next;
-            else
-              wrapper_list = ctx->next;
-            destroy_wrapper (ctx);
-            /* We need to restart because destroy_wrapper might have
-             * done a context switch. */
-            goto again;
+            if (ctx->ready
+                && ((!ctx->log_fp && !ctx->reader) || shutting_down))
+              {
+                if (ctx_prev)
+                  ctx_prev->next = ctx->next;
+                else
+                  reaper_list = ctx->next;
+                destroy_wrapper (ctx);
+                goto again;
+              }
           }
+      }
+      unlock_reaper_list ();
     }
+
   /*NOTREACHED*/
   return NULL; /* Make the compiler happy.  */
 }
@@ -494,7 +538,7 @@ ldap_wrapper_thread (void *dummy)
 
 /* Start the reaper thread for the ldap wrapper.  */
 void
-ldap_wrapper_launch_thread (void)
+ldap_reaper_launch_thread (void)
 {
   static int done;
   npth_attr_t tattr;
@@ -505,14 +549,21 @@ ldap_wrapper_launch_thread (void)
     return;
   done = 1;
 
+#ifdef HAVE_W32_SYSTEM
+  /* Static init does not yet work in W32 nPth.  */
+  if (npth_cond_init (&reaper_run_cond, NULL))
+    log_fatal ("%s: failed to init condition variabale: %s\n",
+               __func__, gpg_strerror (gpg_error_from_syserror ()));
+#endif
+
   npth_attr_init (&tattr);
   npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
 
-  err = npth_create (&thread, &tattr, ldap_wrapper_thread, NULL);
-  if (err)
+  if (npth_create (&thread, &tattr, ldap_reaper_thread, NULL))
     {
-      log_error (_("error spawning ldap wrapper reaper thread: %s\n"),
-                 strerror (err) );
+      err = gpg_error_from_syserror ();
+      log_error ("error spawning ldap reaper reaper thread: %s\n",
+                 gpg_strerror (err) );
       dirmngr_exit (1);
     }
   npth_setname_np (thread, "ldap-reaper");
@@ -526,9 +577,15 @@ ldap_wrapper_launch_thread (void)
 void
 ldap_wrapper_wait_connections ()
 {
-  shutting_down = 1;
-  /* FIXME: This is a busy wait.  */
-  while (wrapper_list)
+  lock_reaper_list ();
+  {
+    shutting_down = 1;
+    if (npth_cond_signal (&reaper_run_cond))
+      log_error ("%s: Ooops: signaling condition failed: %s\n",
+                 __func__, gpg_strerror (gpg_error_from_syserror ()));
+  }
+  unlock_reaper_list ();
+  while (reaper_list)
     npth_usleep (200);
 }
 
@@ -543,30 +600,35 @@ ldap_wrapper_release_context (ksba_reader_t reader)
   if (!reader )
     return;
 
-  for (ctx=wrapper_list; ctx; ctx=ctx->next)
-    if (ctx->reader == reader)
-      {
-        if (DBG_EXTPROG)
-          log_debug ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
-                    ctx,
-                    (int)ctx->pid, (int)ctx->printable_pid,
-                    ctx->reader,
-                    ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
-
-        ctx->reader = NULL;
-        SAFE_CLOSE (ctx->fp);
-        if (ctx->ctrl)
-          {
-            ctx->ctrl->refcount--;
-            ctx->ctrl = NULL;
-          }
-        if (ctx->fp_err)
-          log_info (_("reading from ldap wrapper %d failed: %s\n"),
-                    ctx->printable_pid, gpg_strerror (ctx->fp_err));
-        break;
-      }
+  lock_reaper_list ();
+  {
+    for (ctx=reaper_list; ctx; ctx=ctx->next)
+      if (ctx->reader == reader)
+        {
+          if (DBG_EXTPROG)
+            log_debug ("releasing ldap worker c=%p pid=%d/%d rdr=%p"
+                       " ctrl=%p/%d\n", ctx,
+                       (int)ctx->pid, (int)ctx->printable_pid,
+                       ctx->reader,
+                       ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
+
+          ctx->reader = NULL;
+          SAFE_CLOSE (ctx->fp);
+          if (ctx->ctrl)
+            {
+              ctx->ctrl->refcount--;
+              ctx->ctrl = NULL;
+            }
+          if (ctx->fp_err)
+            log_info ("%s: reading from ldap wrapper %d failed: %s\n",
+                      __func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
+          break;
+        }
+  }
+  unlock_reaper_list ();
 }
 
+
 /* Cleanup all resources held by the connection associated with
    CTRL.  This is used after a cancel to kill running wrappers.  */
 void
@@ -574,17 +636,21 @@ ldap_wrapper_connection_cleanup (ctrl_t ctrl)
 {
   struct wrapper_context_s *ctx;
 
-  for (ctx=wrapper_list; ctx; ctx=ctx->next)
-    if (ctx->ctrl && ctx->ctrl == ctrl)
-      {
-        ctx->ctrl->refcount--;
-        ctx->ctrl = NULL;
-        if (ctx->pid != (pid_t)(-1))
-          gnupg_kill_process (ctx->pid);
-        if (ctx->fp_err)
-          log_info (_("reading from ldap wrapper %d failed: %s\n"),
-                    ctx->printable_pid, gpg_strerror (ctx->fp_err));
-      }
+  lock_reaper_list ();
+  {
+    for (ctx=reaper_list; ctx; ctx=ctx->next)
+      if (ctx->ctrl && ctx->ctrl == ctrl)
+        {
+          ctx->ctrl->refcount--;
+          ctx->ctrl = NULL;
+          if (ctx->pid != (pid_t)(-1))
+            gnupg_kill_process (ctx->pid);
+          if (ctx->fp_err)
+            log_info ("%s: reading from ldap wrapper %d failed: %s\n",
+                      __func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
+        }
+  }
+  unlock_reaper_list ();
 }
 
 
@@ -650,6 +716,12 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
       if (millisecs < 0)
         millisecs = 1;
 
+      if (DBG_EXTPROG)
+        {
+          log_debug ("%s: fp[0] stream=%p want=%d\n",
+                     __func__, fparray[0].stream,fparray[0].want_read);
+        }
+
       ret = es_poll (fparray, DIM (fparray), millisecs);
       if (ret < 0)
 	{
@@ -659,6 +731,18 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
           SAFE_CLOSE (ctx->fp);
           return -1;
         }
+      if (DBG_EXTPROG)
+        {
+          log_debug ("%s: fp[0] stream=%p r=%d %c%c%c%c%c%c%c\n",
+                     __func__, fparray[0].stream, ret,
+                     fparray[0].got_read? 'r':'-',
+                     fparray[0].got_write?'w':'-',
+                     fparray[0].got_oob?  'o':'-',
+                     fparray[0].got_rdhup?'H':'-',
+                     fparray[0].got_err?  'e':'-',
+                     fparray[0].got_hup?  'h':'-',
+                     fparray[0].got_nval? 'n':'-');
+        }
       if (!ret)
         {
           /* Timeout.  Will be handled when calculating the next timeout.  */
@@ -672,8 +756,15 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
           if (es_read (ctx->fp, buffer, nleft, &n))
             {
               ctx->fp_err = gpg_error_from_syserror ();
-              SAFE_CLOSE (ctx->fp);
-              return -1;
+              if (gpg_err_code (ctx->fp_err) == GPG_ERR_EAGAIN)
+                ctx->fp_err = 0;
+              else
+                {
+                  log_error ("%s: error reading: %s (%d)\n",
+                             __func__, gpg_strerror (ctx->fp_err), ctx->fp_err);
+                  SAFE_CLOSE (ctx->fp);
+                  return -1;
+                }
             }
           else if (!n) /* EOF */
             {
@@ -726,7 +817,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
      wrapper module to do the logging on its own.  Given that we anyway
      need a way to reap the child process and this is best done using a
      general reaping thread, that thread can do the logging too. */
-  ldap_wrapper_launch_thread ();
+  ldap_reaper_launch_thread ();
 
   *reader = NULL;
 
@@ -799,9 +890,17 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
     }
 
   /* Hook the context into our list of running wrappers.  */
-  ctx->reader = *reader;
-  ctx->next = wrapper_list;
-  wrapper_list = ctx;
+  lock_reaper_list ();
+  {
+    ctx->reader = *reader;
+    ctx->next = reaper_list;
+    reaper_list = ctx;
+    if (npth_cond_signal (&reaper_run_cond))
+      log_error ("ldap-wrapper: Ooops: signaling condition failed: %s (%d)\n",
+                 gpg_strerror (gpg_error_from_syserror ()), errno);
+  }
+  unlock_reaper_list ();
+
   if (DBG_EXTPROG)
     log_debug ("ldap wrapper %d started (%p, %s)\n",
                (int)ctx->pid, ctx->reader, pgmname);
-- 
cgit v1.2.3


From 3bd793256e2e4be52075d50ccf2df70c4a2e1a0f Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Wed, 2 May 2018 14:01:33 +0200
Subject: common,w32: Hide spawned processes by default

* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.

--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.

I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.

This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.

GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
---
 common/exechelp-w32.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index 2c44e2c75..da174508e 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -555,7 +555,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
   memset (&si, 0, sizeof si);
   si.cb = sizeof (si);
   si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
-  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_HIDE;
   si.hStdInput  = inpipe[0]  == INVALID_HANDLE_VALUE? nullhd[0] : inpipe[0];
   si.hStdOutput = outpipe[1] == INVALID_HANDLE_VALUE? nullhd[1] : outpipe[1];
   si.hStdError  = errpipe[1] == INVALID_HANDLE_VALUE? nullhd[2] : errpipe[1];
-- 
cgit v1.2.3


From 6365338816092845b0e08f25731f8eccc605d042 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 1 May 2018 19:48:44 +0200
Subject: speedo: Install Spanish translation for Libgpg-error.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 build-aux/speedo/w32/inst.nsi | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index b89876e44..df08fb074 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -743,6 +743,8 @@ Section "-libgpg-error" SEC_libgpg_error
   File share/locale/de/LC_MESSAGES/libgpg-error.mo
   SetOutPath "$INSTDIR\share\locale\eo\LC_MESSAGES"
   File share/locale/eo/LC_MESSAGES/libgpg-error.mo
+  SetOutPath "$INSTDIR\share\locale\es\LC_MESSAGES"
+  File share/locale/es/LC_MESSAGES/libgpg-error.mo
   SetOutPath "$INSTDIR\share\locale\fr\LC_MESSAGES"
   File share/locale/fr/LC_MESSAGES/libgpg-error.mo
   SetOutPath "$INSTDIR\share\locale\hu\LC_MESSAGES"
@@ -1249,6 +1251,9 @@ Section "-un.libgpg-error"
   Delete "$INSTDIR\share\locale\eo\LC_MESSAGES\libgpg-error.mo"
   RMDir "$INSTDIR\share\locale\eo\LC_MESSAGES"
   RMDir "$INSTDIR\share\locale\eo"
+  Delete "$INSTDIR\share\locale\es\LC_MESSAGES\libgpg-error.mo"
+  RMDir "$INSTDIR\share\locale\es\LC_MESSAGES"
+  RMDir "$INSTDIR\share\locale\es"
   Delete "$INSTDIR\share\locale\fr\LC_MESSAGES\libgpg-error.mo"
   RMDir "$INSTDIR\share\locale\fr\LC_MESSAGES"
   RMDir "$INSTDIR\share\locale\fr"
-- 
cgit v1.2.3


From ddfd39e91a532fd31cd0c20c5d4cf9643acc58bd Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 17:06:22 +0200
Subject: build: New configure option to help with nPth debugging.

* configure.ac: Add option --enable-npth-debug
--

This requires a not yet release nPth version to have an effect.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 configure.ac | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/configure.ac b/configure.ac
index f2814dd1d..e94bd30c4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -963,6 +963,17 @@ else
 *** we need the support of the New Portable Threads Library.
 ***]])
 fi
+#
+# Enable debugging of nPth
+#
+AC_ARG_ENABLE(npth-debug,
+   AC_HELP_STRING([--enable-npth-debug],
+                  [build with debug version of npth]),
+                  [if test $enableval = yes ; then
+                     AC_DEFINE(NPTH_ENABLE_DEBUG,1,
+                              [Build with debug version of nPth])
+                  fi])
+
 
 
 #
-- 
cgit v1.2.3


From 007dde93cc3971cb51d08e8c082e172506ae7f80 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 18:40:01 +0200
Subject: dirmngr: Implement timeout for dirmngr_ldap under Windows.

* dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
(set_timeout): Implement for W32.
--

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/dirmngr_ldap.c | 48 ++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 44 insertions(+), 4 deletions(-)

diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index e05c77925..8452c3ba0 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -381,16 +381,56 @@ catch_alarm (int dummy)
 }
 #endif
 
+
+#ifdef HAVE_W32_SYSTEM
+static DWORD CALLBACK
+alarm_thread (void *arg)
+{
+  HANDLE timer = arg;
+
+  WaitForSingleObject (timer, INFINITE);
+  _exit (10);
+
+  return 0;
+}
+#endif
+
+
 static void
 set_timeout (my_opt_t myopt)
 {
+  if (myopt->alarm_timeout)
+    {
 #ifdef HAVE_W32_SYSTEM
-  /* FIXME for W32.  */
-  (void)myopt;
+      static HANDLE timer;
+      LARGE_INTEGER due_time;
+
+      /* A negative value is a relative time.  */
+      due_time.QuadPart = (unsigned long long)-10000000 * myopt->alarm_timeout;
+
+      if (!timer)
+        {
+          SECURITY_ATTRIBUTES sec_attr;
+          DWORD tid;
+
+          memset (&sec_attr, 0, sizeof sec_attr);
+          sec_attr.nLength = sizeof sec_attr;
+          sec_attr.bInheritHandle = FALSE;
+
+          /* Create a manual resetable timer.  */
+          timer = CreateWaitableTimer (NULL, TRUE, NULL);
+          /* Intially set the timer.  */
+          SetWaitableTimer (timer, &due_time, 0, NULL, NULL, 0);
+
+          if (CreateThread (&sec_attr, 0, alarm_thread, timer, 0, &tid))
+            log_error ("failed to create alarm thread\n");
+        }
+      else /* Retrigger the timer.  */
+        SetWaitableTimer (timer, &due_time, 0, NULL, NULL, 0);
 #else
-  if (myopt->alarm_timeout)
-    alarm (myopt->alarm_timeout);
+      alarm (myopt->alarm_timeout);
 #endif
+    }
 }
 
 
-- 
cgit v1.2.3


From f7f3043653abe699602f910ddd09c1405675c7f6 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 19:03:07 +0200
Subject: gpg: Fix "Too many open files" when using --multifile.

* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--

This seems to be a pretty old bug.  The fix is easy and also reveals
that -z0 can be used as a workaround.

GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 common/miscellaneous.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common/miscellaneous.c b/common/miscellaneous.c
index caeb66f81..62ac05a84 100644
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -401,6 +401,7 @@ is_file_compressed (const char *s, int *ret_rc)
         *ret_rc = gpg_error_from_syserror ();
         return 0;
     }
+    iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
 
     if ( iobuf_get_filelength( a, &overflow ) < 6 && !overflow) {
         *ret_rc = 0;
-- 
cgit v1.2.3


From d26363e4f1933781c86cbe87077fbf1b9a2b64d8 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 19:44:10 +0200
Subject: gpg: Fix minor memory leak in the compress filter.

* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--

GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/compress.c | 17 +++++++++++++----
 g10/filter.h   |  7 ++++---
 g10/import.c   |  6 ++++--
 3 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/g10/compress.c b/g10/compress.c
index 67c9c9bd6..e7a6f2b11 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -319,7 +319,8 @@ handle_compressed (ctrl_t ctrl, void *procctx, PKT_compressed *cd,
         cfx = xmalloc_clear (sizeof *cfx);
         cfx->release = release_context;
         cfx->algo = cd->algorithm;
-        push_compress_filter(cd->buf,cfx,cd->algorithm);
+        if (push_compress_filter(cd->buf, cfx, cd->algorithm))
+          xfree (cfx);
     }
     if( callback )
 	rc = callback(cd->buf, passthru );
@@ -329,16 +330,20 @@ handle_compressed (ctrl_t ctrl, void *procctx, PKT_compressed *cd,
     return rc;
 }
 
-void
+gpg_error_t
 push_compress_filter(IOBUF out,compress_filter_context_t *zfx,int algo)
 {
-  push_compress_filter2(out,zfx,algo,0);
+  return push_compress_filter2(out,zfx,algo,0);
 }
 
-void
+
+/* Push a compress filter and return 0 if that succeeded.  */
+gpg_error_t
 push_compress_filter2(IOBUF out,compress_filter_context_t *zfx,
 		      int algo,int rel)
 {
+  gpg_error_t err = gpg_error (GPG_ERR_FALSE);
+
   if(algo>=0)
     zfx->algo=algo;
   else
@@ -353,16 +358,20 @@ push_compress_filter2(IOBUF out,compress_filter_context_t *zfx,
     case COMPRESS_ALGO_ZIP:
     case COMPRESS_ALGO_ZLIB:
       iobuf_push_filter2(out,compress_filter,zfx,rel);
+      err = 0;
       break;
 #endif
 
 #ifdef HAVE_BZIP2
     case COMPRESS_ALGO_BZIP2:
       iobuf_push_filter2(out,compress_filter_bz2,zfx,rel);
+      err = 0;
       break;
 #endif
 
     default:
       BUG();
     }
+
+  return err;
 }
diff --git a/g10/filter.h b/g10/filter.h
index 9e4b1e538..2c1e513ce 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -140,9 +140,10 @@ void        unarmor_pump_release (UnarmorPump x);
 int         unarmor_pump (UnarmorPump x, int c);
 
 /*-- compress.c --*/
-void push_compress_filter(iobuf_t out,compress_filter_context_t *zfx,int algo);
-void push_compress_filter2(iobuf_t out,compress_filter_context_t *zfx,
-			   int algo,int rel);
+gpg_error_t push_compress_filter (iobuf_t out, compress_filter_context_t *zfx,
+                                  int algo);
+gpg_error_t push_compress_filter2 (iobuf_t out,compress_filter_context_t *zfx,
+                                   int algo, int rel);
 
 /*-- cipher.c --*/
 int cipher_filter( void *opaque, int control,
diff --git a/g10/import.c b/g10/import.c
index 71e39557c..c07f67fe2 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -767,7 +767,7 @@ valid_keyblock_packet (int pkttype)
  * Meta data (ring trust packets) are only considered of WITH_META is set.
  * PENDING_PKT should be initialized to NULL and not changed by the caller.
  * Return: 0 = okay, -1 no more blocks or another errorcode.
- *         The int at at R_V3KEY counts the number of unsupported v3
+ *         The int at R_V3KEY counts the number of unsupported v3
  *         keyblocks.
  */
 static int
@@ -856,7 +856,9 @@ read_block( IOBUF a, int with_meta,
 	      {
 		compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
 		pkt->pkt.compressed->buf = NULL;
-		push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1);
+		if (push_compress_filter2 (a, cfx,
+                                           pkt->pkt.compressed->algorithm, 1))
+                  xfree (cfx); /* e.g. in case of compression_algo NONE.  */
 	      }
 	    free_packet (pkt, &parsectx);
 	    init_packet(pkt);
-- 
cgit v1.2.3


From 71a6e90649a681487fd2fa5b4e19c46d301c2a4f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 20:42:51 +0200
Subject: po: Auto update

--
---
 po/ca.po    |  53 +++++-------
 po/cs.po    |  52 ++++++------
 po/da.po    |  61 ++++++--------
 po/de.po    |  52 ++++++------
 po/el.po    |  53 +++++-------
 po/eo.po    |  53 +++++-------
 po/es.po    | 272 ++++++++++++++++++++++++++----------------------------------
 po/et.po    |  53 +++++-------
 po/fi.po    |  53 +++++-------
 po/fr.po    |  54 ++++++------
 po/gl.po    |  53 +++++-------
 po/hu.po    |  53 +++++-------
 po/id.po    |  53 +++++-------
 po/it.po    |  53 +++++-------
 po/ja.po    |  58 ++++++-------
 po/nb.po    |  52 ++++++------
 po/pl.po    |  61 ++++++--------
 po/pt.po    |  53 +++++-------
 po/ro.po    |  57 ++++++-------
 po/ru.po    |  53 ++++++------
 po/sk.po    |  53 +++++-------
 po/sv.po    |  61 ++++++--------
 po/tr.po    |  61 ++++++--------
 po/uk.po    |  55 ++++++------
 po/zh_CN.po |  57 ++++++-------
 po/zh_TW.po |  52 ++++++------
 26 files changed, 727 insertions(+), 914 deletions(-)

diff --git a/po/ca.po b/po/ca.po
index dd2407e46..31c20ad38 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -7988,33 +7988,18 @@ msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: error en escriure el registre de directoris: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "hi ha massa preferències «%c»\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "error en crear «%s»: %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "error en la lectura de «%s»: %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: error en escriure el registre de directoris: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8475,10 +8460,6 @@ msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "ha fallat l'actualització de la clau secreta: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8499,14 +8480,6 @@ msgstr "ha fallat l'actualització: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8574,6 +8547,14 @@ msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "hi ha massa preferències «%c»\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
@@ -9191,6 +9172,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "error en la lectura de «%s»: %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "ha fallat l'actualització de la clau secreta: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Quina grandària voleu? (1024) "
diff --git a/po/cs.po b/po/cs.po
index 79b4bc2d8..06f91b171 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -7487,32 +7487,18 @@ msgstr "volání crl_cache_insert přes vydavatele selhalo: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "tabulka mapování čtenáře na soubor je plná – čeká se\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "namísto „https“ se použije „http“\n"
-
 # Poslední argument je název protokolu
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "Přístup k CRL není možný kvůli vypnutému %s\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "chyba při inicializaci čtecího objektu: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "URL „%s“ přesměrováno na „%s“ (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "příliš mnoho přesměrování\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "chyba při získávání „%s“: %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "chyba při získávání „%s“: status HTTP je %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "chyba při inicializaci čtecího objektu: %s\n"
 
 # Poslední argument je název protokolu
 msgid "CRL access not possible due to Tor mode\n"
@@ -7928,10 +7914,6 @@ msgstr "chyba při tisknutí řádku protokolu: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "chyba při čtení protokolu z ldapové obálky č. %d: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "npth_select selhala: %s – čeká se 1 s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "ldapová obálka %d připravena"
@@ -7952,14 +7934,6 @@ msgstr "čekání na ldapovou obálku %d selhalo: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldapová obálka %d se zasekla – bude zabita\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "chyba při zakládání vlákna ovládajícího obálku LDAPu: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "čtení z ldapové obálky %d selhalo: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "v názvu stroje je neplatný znak 0x%02x – nepřidáno\n"
@@ -8023,6 +7997,13 @@ msgstr "chyba při připojování na „%s“: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "chyba při čtení HTTP odpovědi od „%s“: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "URL „%s“ přesměrováno na „%s“ (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "příliš mnoho přesměrování\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "chyba při rozebírání OCSP odpovědi od „%s“: %s\n"
@@ -8612,6 +8593,21 @@ msgstr ""
 "Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
 "Prověří heslo zadané na vstupu proti souboru se vzory\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "namísto „https“ se použije „http“\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "chyba při získávání „%s“: status HTTP je %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "npth_select selhala: %s – čeká se 1 s\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "chyba při zakládání vlákna ovládajícího obálku LDAPu: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "čtení z ldapové obálky %d selhalo: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Jakou délku klíče pro podepisování si přejete? (%u) "
 
diff --git a/po/da.po b/po/da.po
index 156dabce6..c8cd33c9e 100644
--- a/po/da.po
+++ b/po/da.po
@@ -7946,36 +7946,19 @@ msgstr "modtagelse af linje mislykkedes: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: fejl ved skrivning af mappepost: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-#| msgid "too many cipher preferences\n"
-msgid "too many redirections\n"
-msgstr "for mange chifferpræferencer\n"
-
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s': %s\n"
 msgstr "fejl ved indhentelse af »%s« via %s: %s\n"
 
 #, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
-msgid "error retrieving '%s': http status %u\n"
-msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: fejl ved skrivning af mappepost: %s\n"
 
 #, fuzzy
 #| msgid "certificate `%s' not found: %s\n"
@@ -8476,11 +8459,6 @@ msgstr "fejl ved skrivning til »%s«: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "fejl ved læsning fra %s: %s\n"
 
-#, fuzzy, c-format
-#| msgid "pth_select failed: %s - waiting 1s\n"
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "pth_select mislykkeds: %s - venter 1s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8502,15 +8480,6 @@ msgstr "ventning på at proces %d skulle terminere mislykkedes: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8588,6 +8557,15 @@ msgstr "fejl ved skrivning til »%s«: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "fejl ved læsning fra %s: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "too many cipher preferences\n"
+msgid "too many redirections\n"
+msgstr "for mange chifferpræferencer\n"
+
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error parsing OCSP response for '%s': %s\n"
@@ -9259,6 +9237,21 @@ msgstr ""
 "Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
 "Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
 
+#, fuzzy
+#~| msgid "error running `%s': exit status %d\n"
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
+
+#, fuzzy
+#~| msgid "pth_select failed: %s - waiting 1s\n"
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "pth_select mislykkeds: %s - venter 1s\n"
+
+#, fuzzy
+#~| msgid "reading public key failed: %s\n"
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Hvilken nøglestørrelse ønsker du for underskriftsnøglen (%u) "
 
diff --git a/po/de.po b/po/de.po
index ae5fef24b..87c3c153c 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7653,31 +7653,17 @@ msgstr "crl_cache_insert über den Issuer fehlgeschlagen: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "\"reader to file\" Zuordnungstabelle ist voll - warte\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "Es wird \"HTTP\" anstatt \"HTTPS\" verwendet\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "CRL Zugriff nicht möglich da %s abgeschaltet ist\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "Fehler beim Initialisieren des \"reader\" Objekts: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "URL `%s' nach `%s' umgeleitet (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "zu viele verschachtelte Umleitungen\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "Fehler beim Holen von `%s': %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "Fehler beim Initialisieren des \"reader\" Objekts: %s\n"
 
 msgid "CRL access not possible due to Tor mode\n"
 msgstr "CRL Zugriff ist im Tor Modus nicht möglich\n"
@@ -8096,10 +8082,6 @@ msgstr "Fehler beim Schreiben einer Logzeile: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "Fehler beim Lesen des Logs vom LDAP Wrapper %d: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "LDAP Wrapper %d fertig"
@@ -8120,14 +8102,6 @@ msgstr "Warten auf den LDAP Wrapper %d fehlgeschlagen: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "LDAP Wrapper %d versackt - abgeschossen\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "Fehler beim Starten des LDAP Wrapper Kontrollthreads: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "Lesen vom LDAP Wrapper %d fehlgeschlagen: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "Ungültiges Zeichen 0x%02X im Hostnamen - nicht hinzugefügt\n"
@@ -8191,6 +8165,13 @@ msgstr "Fehler beim Verbinden mit '%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "Fehler beim Lesen der HTTP Antwort von `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "URL `%s' nach `%s' umgeleitet (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "zu viele verschachtelte Umleitungen\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "Fehler beim Zerlegen der OCSP Antwort für `%s': %s\n"
@@ -8785,6 +8766,21 @@ msgstr ""
 "Syntax: gpg-check-pattern [optionen] Musterdatei\n"
 "Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "Es wird \"HTTP\" anstatt \"HTTPS\" verwendet\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "Fehler beim Starten des LDAP Wrapper Kontrollthreads: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "Lesen vom LDAP Wrapper %d fehlgeschlagen: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr ""
 #~ "Welche Schlüssellänge wünschen Sie für den Signatur-Schlüssel? (%u) "
diff --git a/po/el.po b/po/el.po
index def69a414..3300d5cf2 100644
--- a/po/el.po
+++ b/po/el.po
@@ -7827,33 +7827,18 @@ msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: σφάλμα στην εγγραφή της εγγραφής dir : %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "πάρα πολλές `%c' προεπιλογές\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "σφάλμα κατά τη δημιουργία του `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: σφάλμα στην εγγραφή της εγγραφής dir : %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8301,10 +8286,6 @@ msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "η ενημέρωση μυστικού απέτυχε: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8325,14 +8306,6 @@ msgstr "η ενημέρωση απέτυχε: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8400,6 +8373,14 @@ msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "πάρα πολλές `%c' προεπιλογές\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
@@ -9017,6 +8998,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "η ενημέρωση μυστικού απέτυχε: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Τι μέγεθος κλειδιού θα θέλατε; (1024) "
diff --git a/po/eo.po b/po/eo.po
index 0e3f40c27..fb797f07b 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -7770,33 +7770,18 @@ msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "tro da '%c'-preferoj\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "eraro dum kreado de '%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "eraro dum legado de '%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8243,10 +8228,6 @@ msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "aktualigo de sekreto malsukcesis: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8267,14 +8248,6 @@ msgstr "aktualigo malsukcesis: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8342,6 +8315,14 @@ msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "tro da '%c'-preferoj\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
@@ -8958,6 +8939,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "eraro dum legado de '%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "aktualigo de sekreto malsukcesis: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Kiun ŝlosilgrandon vi deziras? (1024) "
diff --git a/po/es.po b/po/es.po
index 3fdaac455..c0f69efed 100644
--- a/po/es.po
+++ b/po/es.po
@@ -99,8 +99,6 @@ msgstr "PIN:"
 msgid "Passphrase:"
 msgstr "Frase contraseña:"
 
-#. The re-entered one did not match and the user did not
-#. hit cancel.
 msgid "does not match - try again"
 msgstr "no coincide - reinténtelo"
 
@@ -587,13 +585,10 @@ msgstr "error abriendo '%s': %s\n"
 msgid "file '%s', line %d: %s\n"
 msgstr "fichero '%s', línea %d: %s\n"
 
-#. Same file.
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "declaración \"%s\" ignorada en '%s', línea %d\n"
 
-#. A non existent system trustlist is not an error.
-#. Just print a note.
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "la lista de confianza '%s' del sistema no está disponible\n"
@@ -660,7 +655,6 @@ msgstr "Correcto"
 msgid "Wrong"
 msgstr "Incorrecto"
 
-#. No protection date known - must force passphrase change.
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
@@ -698,8 +692,6 @@ msgstr ""
 "Cuidado: ¡Esta clave también está listada para usarse con SSH!\n"
 "Borrarla puede remover tu capacidad de acceder a máquinas remotas."
 
-#. FIXME: We check the QBITS but print a message about the hash
-#. length.
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA necesita un resumen cuya longitud sea múltiplo de 8 bits\n"
 
@@ -715,7 +707,6 @@ msgstr "un hash de %zu bits no vale para %u bits de la clave %s\n"
 msgid "checking created signature failed: %s\n"
 msgstr "la comprobación de la firma creada falló: %s\n"
 
-#. Stub key.
 msgid "secret key parts are not available\n"
 msgstr "las partes de la clave privada no están disponibles\n"
 
@@ -723,9 +714,6 @@ msgstr "las partes de la clave privada no están disponibles\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "el algoritmo de llave pública %d (%s) no se puede usar\n"
 
-#. The algorithm numbers are Libgcrypt numbers but fortunately
-#. the OpenPGP algorithm numbers map one-to-one to the Libgcrypt
-#. numbers.
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "el algoritmo de protección %d (%s) no se puede usar\n"
@@ -1106,9 +1094,6 @@ msgstr "no se pudo crear el fichero temporal '%s': %s\n"
 msgid "error writing to '%s': %s\n"
 msgstr "error escribiendo a '%s': %s\n"
 
-#. Note: It is unlikley that we get a race here unless a pid is
-#. reused too fast or a new process with the same pid as the one
-#. of the stale file tries to lock right at the same time as we.
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "borrando fichero de bloqueo residual (creado por %d)\n"
@@ -1145,12 +1130,6 @@ msgstr "cabecera de armadura: "
 msgid "invalid clearsig header\n"
 msgstr "cabecera de firma clara inválida\n"
 
-#. Section 6.2: "Unknown keys should be reported to the user,
-#. but OpenPGP should continue to process the message."  Note
-#. that in a clearsigned message this applies to the signature
-#. part (i.e. "BEGIN PGP SIGNATURE") and not the signed data
-#. ("BEGIN PGP SIGNED MESSAGE").  The only key allowed in the
-#. signed data section is "Hash".
 msgid "unknown armor header: "
 msgstr "cabecera de armadura desconocida: "
 
@@ -1160,7 +1139,6 @@ msgstr "firmas en texto claro anidadas\n"
 msgid "unexpected armor: "
 msgstr "armadura inesperada: "
 
-#. Bad dash-escaping.
 msgid "invalid dash escaped line: "
 msgstr "Línea con guiones inválida: "
 
@@ -1381,21 +1359,8 @@ msgstr ""
 "      la documentación de su tarjeta para ver los tamaños posibles.\n"
 
 #, c-format
-msgid "What keysize do you want for the Signature key? (%u) "
-msgstr "¿De qué tamaño quiere la clave de Firmado? (%u) "
-
-#, c-format
-msgid "What keysize do you want for the Encryption key? (%u) "
-msgstr "¿De qué tamaño quiere la clave de Cifrado? (%u) "
-
-#, c-format
-msgid "What keysize do you want for the Authentication key? (%u) "
-msgstr "¿De qué tamaño quiere la clave de Autenticación? (%u) "
-
-#. Use default.
-#, c-format
-msgid "The card will now be re-configured to generate a key of type: %s\n"
-msgstr "Ahora la tarjeta se reconfigurará para generar una clave de tipo: %s\n"
+msgid "What keysize do you want? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
 
 #, c-format
 msgid "rounded up to %u bits\n"
@@ -1405,14 +1370,60 @@ msgstr "redondeados a %u bits\n"
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "los tamaños de claves %s deben estar en el rango %u-%u\n"
 
+msgid "Changing card key attribute for: "
+msgstr ""
+
+#, fuzzy
+#| msgid "   (1) Signature key\n"
+msgid "Signature key\n"
+msgstr "   (1) Clave de firmado\n"
+
+#, fuzzy
+#| msgid "   (2) Encryption key\n"
+msgid "Encryption key\n"
+msgstr "   (2) Clave de cifrado\n"
+
+#, fuzzy
+#| msgid "   (3) Authentication key\n"
+msgid "Authentication key\n"
+msgstr "   (3) Clave de autentificación\n"
+
+msgid "Please select what kind of key you want:\n"
+msgstr "Por favor seleccione tipo de clave deseado:\n"
+
+#, c-format
+msgid "   (%d) RSA\n"
+msgstr "   (%d) RSA\n"
+
+#, fuzzy, c-format
+#| msgid "   (%d) ECC and ECC\n"
+msgid "   (%d) ECC\n"
+msgstr "   (%d) ECC y ECC\n"
+
+msgid "Invalid selection.\n"
+msgstr "Elección inválida.\n"
+
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Ahora la tarjeta se reconfigurará para generar una clave de %u bits\n"
 
 #, c-format
-msgid "error changing size of key %d to %u bits: %s\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Ahora la tarjeta se reconfigurará para generar una clave de tipo: %s\n"
+
+#, fuzzy, c-format
+#| msgid "error changing size of key %d to %u bits: %s\n"
+msgid "error changing key attribute for key %d: %s\n"
 msgstr "error cambiando el tamaño de la clave %d a %u bits: %s\n"
 
+#, fuzzy, c-format
+#| msgid "error getting current key info: %s\n"
+msgid "error getting card info: %s\n"
+msgstr "error obteniendo la información actual de la clave: %s\n"
+
+msgid "This command is not supported by this card\n"
+msgstr "Esta orden no se puede usar con esta tarjeta\n"
+
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 "¿Hacer copia de seguridad externa a la tarjeta de clave de cifrado? (S/n) "
@@ -1445,10 +1456,6 @@ msgstr "   (2) Clave de cifrado\n"
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Clave de autentificación\n"
 
-#. Okay.
-msgid "Invalid selection.\n"
-msgstr "Elección inválida.\n"
-
 msgid "Please select where to store the key:\n"
 msgstr "Por favor elija donde guardar la clave:\n"
 
@@ -1456,11 +1463,6 @@ msgstr "Por favor elija donde guardar la clave:\n"
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD fallido: %s\n"
 
-#. Note: We won't see status-indicator 3 here because it is not
-#. possible to select a card application in termination state.
-msgid "This command is not supported by this card\n"
-msgstr "Esta orden no se puede usar con esta tarjeta\n"
-
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr ""
 "NOTA: ¡Esta orden destruye todas las claves almacenadas en la tarjeta!\n"
@@ -1471,6 +1473,11 @@ msgstr "¿Continuar? (s/N) "
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "¿Realmente quiere volver a los valores de fábrica? (escriba \"sí\") "
 
+#, fuzzy, c-format
+#| msgid "error looking up: %s\n"
+msgid "error for setup KDF: %s\n"
+msgstr "error al buscar: %s\n"
+
 msgid "quit this menu"
 msgstr "salir de este menú"
 
@@ -1522,6 +1529,16 @@ msgstr "desbloquear PIN usando Código de Reinicio"
 msgid "destroy all keys and data"
 msgstr "destruir todas las claves y datos"
 
+#, fuzzy
+#| msgid "|NAME|use user NAME for authentication"
+msgid "setup KDF for PIN authentication"
+msgstr "|NAME|usa NOMBRE como destinatario por defecto"
+
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the key attribute"
+msgstr "cambia valores de confianza"
+
 msgid "gpg/card> "
 msgstr "gpg/tarjeta> "
 
@@ -1739,9 +1756,6 @@ msgstr " - omitido"
 msgid "writing to '%s'\n"
 msgstr "escribiendo en '%s'\n"
 
-#. It does not make sense to export a key with its
-#. * primary key on card using a non-key stub.  Thus we
-#. * skip those keys when used with --export-secret-subkeys.
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "clave %s: material de la clave en la tarjeta - omitida\n"
@@ -1828,7 +1842,6 @@ msgstr "crea una firma"
 msgid "make a clear text signature"
 msgstr "crea una firma en texto claro"
 
-#. ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature") ),
 msgid "make a detached signature"
 msgstr "crea una firma separada"
 
@@ -1838,7 +1851,6 @@ msgstr "cifra datos"
 msgid "encryption only with symmetric cipher"
 msgstr "cifra sólo con un cifrado simétrico"
 
-#. ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
 msgid "decrypt data (default)"
 msgstr "descifra datos (predefinido)"
 
@@ -2166,6 +2178,11 @@ msgstr "\"%s\" no es una dirección de email válida\n"
 msgid "invalid pinentry mode '%s'\n"
 msgstr "modo de entrada de pin inválido '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "invalid value for option '%s'\n"
+msgid "invalid request origin '%s'\n"
+msgstr "parámetro incorrecto para la opción '%s'\n"
+
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s' no es un juego de caracteres válido\n"
@@ -2699,9 +2716,6 @@ msgstr "clave %s: error enviando al agente: %s\n"
 msgid "secret key %s: %s\n"
 msgstr "clave secreta %s: %s\n"
 
-#. We don't allow importing secret keys because that may be used
-#. to put a secret key into the keyring and the user might later
-#. be tricked into signing stuff with that key.
 msgid "importing secret keys not allowed\n"
 msgstr "no se permite importar claves secretas\n"
 
@@ -2955,8 +2969,6 @@ msgstr ""
 msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
 msgstr "¿Quiere producir una nueva firma que reemplace a la expirada? (s/N) "
 
-#. It's a local sig, and we want to make a
-#. exportable sig.
 #, c-format
 msgid ""
 "Your current signature on \"%s\"\n"
@@ -3093,9 +3105,6 @@ msgstr "comprueba firmas"
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "firmar IDs seleccionadas [* ver debajo órdenes relacionadas]"
 
-#. "lsign" and friends will never match since "sign" comes first
-#. and it is a tail match.  They are just here so they show up in
-#. the help menu.
 msgid "sign selected user IDs locally"
 msgstr "firma localmente los IDs de usuarios elegidos"
 
@@ -3522,9 +3531,6 @@ msgstr "Introduzca el ID de usuario del revocador designado: "
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "no se puede elegir una clave tipo PGP 2.x como revocador designado\n"
 
-#. This actually causes no harm (after all, a key that
-#. designates itself as a revoker is the same as a
-#. regular key), but it's easy enough to check.
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "no puede elegir una clave como su propio revocador designado\n"
 
@@ -3556,6 +3562,16 @@ msgstr "Cambiando caducidad de clave primaria.\n"
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "No puede cambiar la fecha de caducidad de una clave v3\n"
 
+#, fuzzy
+#| msgid "Changing expiration time for a subkey.\n"
+msgid "Changing usage of a subkey.\n"
+msgstr "Cambiando fecha de caducidad de subclave.\n"
+
+#, fuzzy
+#| msgid "Changing expiration time for the primary key.\n"
+msgid "Changing usage of the primary key.\n"
+msgstr "Cambiando caducidad de clave primaria.\n"
+
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "la subclave de firmado %s ya está certificada en cruz\n"
@@ -3765,9 +3781,6 @@ msgstr "   (%c) Conmutar la capacidad de autenticación\n"
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Acabado\n"
 
-msgid "Please select what kind of key you want:\n"
-msgstr "Por favor seleccione tipo de clave deseado:\n"
-
 #, c-format
 msgid "   (%d) RSA and RSA (default)\n"
 msgstr "   (%d) RSA y RSA (por defecto)\n"
@@ -3841,10 +3854,6 @@ msgstr "las claves %s pueden tener entre %u y %u bits de longitud.\n"
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "¿De qué tamaño quiere la subclave? (%u) "
 
-#, c-format
-msgid "What keysize do you want? (%u) "
-msgstr "¿De qué tamaño quiere la clave? (%u) "
-
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "El tamaño requerido es de %u bits\n"
@@ -3925,10 +3934,6 @@ msgstr ""
 "GnuPG debe construir un ID de usuario para identificar su clave.\n"
 "\n"
 
-#. There is no translation for the string thus we to use
-#. the old info text.  gettext has no way to tell whether
-#. a translation is actually available, thus we need to
-#. to compare again.
 #. TRANSLATORS: This string is in general not anymore used
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
@@ -4412,7 +4417,6 @@ msgstr "Firmado el %s\n"
 msgid "               using %s key %s\n"
 msgstr "               usando %s clave %s\n"
 
-#. Legacy format.
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Firmado el %s usando clave %s ID %s\n"
@@ -4421,10 +4425,6 @@ msgstr "Firmado el %s usando clave %s ID %s\n"
 msgid "               issuer \"%s\"\n"
 msgstr "               emisor \"%s\"\n"
 
-#. According to my favorite copy editor, in English grammar,
-#. you say "at" if the key is located on a web page, but
-#. "from" if it is located on a keyserver.  I'm not going to
-#. even try to make two strings here :)
 msgid "Key available at: "
 msgstr "Clave disponible en: "
 
@@ -4465,8 +4465,6 @@ msgstr "desconocido"
 msgid ", key algorithm "
 msgstr ", algoritmo de clave pública "
 
-#. Not only signature packets in the tree thus this
-#. is not a detached signature.
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
@@ -4586,7 +4584,6 @@ msgstr ""
 msgid "unknown weak digest '%s'\n"
 msgstr "algoritmo débil de resumen desconocido '%s'\n"
 
-#. Do not overwrite.
 #, c-format
 msgid "File '%s' exists. "
 msgstr "El fichero '%s' ya existe. "
@@ -4725,8 +4722,6 @@ msgstr "razón para la revocación: "
 msgid "revocation comment: "
 msgstr "comentario a la revocación: "
 
-#. A string with valid answers.
-#.
 #. TRANSLATORS: These are the allowed answers in lower and
 #. uppercase.  Below you will find the matching strings which
 #. should be translated accordingly and the letter changed to
@@ -4809,8 +4804,6 @@ msgstr "Esta clave probablemente pertenece al usuario que se nombra\n"
 msgid "This key belongs to us\n"
 msgstr "Esta clave nos pertenece\n"
 
-#. This can be returned by TOFU, which can return negative
-#. assertions.
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: ¡Esta clave es mala! ¡Está marcada como no confiable!\n"
@@ -5048,7 +5041,6 @@ msgstr "se fuerza salida con armadura ASCII.\n"
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet falló: %s\n"
 
-#. and issue a usage notice
 msgid "Revocation certificate created.\n"
 msgstr "Certificado de revocación creado.\n"
 
@@ -5176,14 +5168,9 @@ msgstr ""
 "la clave %s %s requiere un resumen de %zu bits o mayor (el resumen es de "
 "%s)\n"
 
-#. Sanity check that the md has a context for the hash that the
-#. sig is expecting.  This can happen if a onepass sig header does
-#. not match the actual sig, and also if the clearsign "Hash:"
-#. header is missing or does not match the actual sig.
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "AVISO: conflicto con el resumen de la firma del mensaje\n"
 
-#. Compliance failure.
 #, c-format
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "no puede usar la clave %s para firmar en modo %s\n"
@@ -5244,6 +5231,11 @@ msgstr "NOTA: clave de firmado %s caducada el %s\n"
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTA: la clave de firmado %s ha sido revocada\n"
 
+#, fuzzy, c-format
+#| msgid "standalone signature of class 0x%02x\n"
+msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
+msgstr "firma independiente de clase 0x%02x\n"
+
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
@@ -5338,7 +5330,6 @@ msgstr "huella digital no válida"
 msgid "ownertrust value missing"
 msgstr "falta el valor de confianza"
 
-#. error
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "error intentando encontrar el registro de confianza en '%s': %s\n"
@@ -5368,7 +5359,6 @@ msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
 "registro base de datos de confianza %lu: escritura fallida (n=%d): %s\n"
 
-#. Hard limit for the cache size reached.
 msgid "trustdb transaction too large\n"
 msgstr "transacción en la base de datos de confianza demasiado grande\n"
 
@@ -5485,13 +5475,10 @@ msgstr "error al crear tabla TOFU de 'claves confiadas': %s\n"
 msgid "TOFU DB error"
 msgstr "Error de la base de datos de TOFU"
 
-#. The result has the wrong form.
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "error al leer la base de datos TOFU: %s\n"
 
-#. Unexpected success.  This can only happen if there are no
-#. rows.  (select returned 0, but expected ABORT.)
 #, c-format
 msgid "error determining TOFU database's version: %s\n"
 msgstr "error al intentar determinar la versión de la base de datos TOFU: %s\n"
@@ -5645,7 +5632,6 @@ msgstr "Mensajes verificados en el pasado: %d."
 msgid "Messages encrypted in the past: %d."
 msgstr "Mensajes cifrados en el pasado: %d."
 
-#. This is a conflict.
 #. TRANSLATORS: Please translate the text found in the source
 #. * file below.  We don't directly internationalize that text so
 #. * that we can tweak it without breaking translations.
@@ -6097,9 +6083,6 @@ msgstr "Intentos disponibles: %d"
 msgid "using default PIN as %s\n"
 msgstr "usando PIN por defecto %s\n"
 
-#. Verification of CHV2 with the default PIN failed,
-#. although the card pretends to have the default PIN set as
-#. CHV2.  We better disable the def_chv2 flag now.
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "fallo al usar el PIN por defecto %s: %s - en adelante deshabilitado\n"
@@ -6372,7 +6355,6 @@ msgstr "el certificado aún no es válido"
 msgid "root certificate not yet valid"
 msgstr "el certificado raíz no es válido aún"
 
-#. other
 msgid "intermediate certificate not yet valid"
 msgstr "el certificado intermedio aún no es válido"
 
@@ -6382,7 +6364,6 @@ msgstr "certificado caducado"
 msgid "root certificate has expired"
 msgstr "el certificado raíz ha caducado"
 
-#. other
 msgid "intermediate certificate has expired"
 msgstr "el certificado intermedio ha caducado"
 
@@ -6406,14 +6387,12 @@ msgstr ""
 msgid "  (  signature created at "
 msgstr "  ( firmas creadas en "
 
-#.
 msgid "  (certificate created at "
 msgstr "  (certificado creado en "
 
 msgid "  (certificate valid from "
 msgstr "  (certificado válido desde "
 
-#.
 msgid "  (     issuer valid from "
 msgstr "  (     emisor válido desde "
 
@@ -6468,7 +6447,6 @@ msgstr "certificado correcto\n"
 msgid "intermediate certificate is good\n"
 msgstr "certificado intermedio correcto\n"
 
-#. other
 msgid "root certificate is good\n"
 msgstr "certificado raíz correcto\n"
 
@@ -6621,10 +6599,6 @@ msgstr ""
 "Para completar este certificado introduzca por favor la frase contraseñapara "
 "la clave que acaba de crear una vez más.\n"
 
-#, c-format
-msgid "   (%d) RSA\n"
-msgstr "   (%d) RSA\n"
-
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Clave existente\n"
@@ -6644,7 +6618,6 @@ msgstr "Número de serie de la tarjeta: %s\n"
 msgid "Available keys:\n"
 msgstr "Claves disponibles:\n"
 
-#. Ask for the key usage.
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Posibles acciones para una clave %s:\n"
@@ -6683,21 +6656,18 @@ msgstr "Nombre de entidad no válido '%s'\n"
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "28 visto por el traductor hasta la comilla inclusive"
 
-#. Get the email addresses.
 msgid "Enter email addresses"
 msgstr "Dirección de correo electrónico"
 
 msgid " (end with an empty line):\n"
 msgstr " (termine con una línea en blanco):\n"
 
-#. DNS names.
 msgid "Enter DNS names"
 msgstr "Introduzca nombres de DNS"
 
 msgid " (optional; end with an empty line):\n"
 msgstr " (opcional; acabe con una línea en blanco):\n"
 
-#. URIs.
 msgid "Enter URIs"
 msgstr "Introduzca URIs"
 
@@ -6760,8 +6730,6 @@ msgstr "lista claves externas"
 msgid "list certificate chain"
 msgstr "lista de cadenas de certificados"
 
-#. ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a keyserver")),
-#. ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a keyserver")),
 msgid "import certificates"
 msgstr "importa certificado"
 
@@ -6983,10 +6951,6 @@ msgstr ""
 "\"%s\"\n"
 "¡Observe que este certificado NO creará una firma cualificada!"
 
-#. case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break;
-#. We don't want to use MD5.
-#. No algorithm found in cert.
-#. Other algorithms.
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "resumen %d (%s) para firmante %d no puede utilizarse; usando %s\n"
@@ -7184,8 +7148,6 @@ msgstr "detectado un campo extra en la entrada crl de '%s' línea %u\n"
 msgid "invalid line detected in '%s' line %u\n"
 msgstr "línea no válida detectada en '%s', línea %u\n"
 
-#. Fixme: The duplicate checking used is not very
-#. effective for large numbers of issuers.
 #, c-format
 msgid "duplicate entry detected in '%s' line %u\n"
 msgstr "entrada duplicada detectada en '%s', línea %u\n"
@@ -7504,34 +7466,18 @@ msgstr "ha fallado crl_cache_insert via emisor: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "la tabla de mapeo lector a archivo está llena - esperando\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "usando \"http\" en lugar de \"https\"\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "el acceso CRL no es posible debido a que %s está desactivado\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "error al inicializar objeto lector: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "URL '%s' redirigida a '%s' (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "demasiadas redirecciones\n"
-
-#. Made up status code for error reporting.
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "error recuperando '%s': %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "error recurerando '%s': status http %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "error al inicializar objeto lector: %s\n"
 
-#. For now we do not support LDAP over Tor.
 msgid "CRL access not possible due to Tor mode\n"
 msgstr "el acceso a CRL no es posible a causa del modo Tor\n"
 
@@ -7776,7 +7722,6 @@ msgstr "%s:%u: línea demasiado larga - omitida\n"
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: se detectó huella digital no válida\n"
 
-#.
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: error de lectura: %s\n"
@@ -7953,10 +7898,6 @@ msgstr "error al escribir la entrada de bitácora: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "error al leer desde el wrapper de ldap %d: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "ha fallado npth_select: %s - esperando 1s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "el wrapper %d de ldap está listo"
@@ -7977,14 +7918,6 @@ msgstr "error al esperar el wrapper %d de ldap: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "el wrapper %d de ldap está parado - matándolo\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "error mientras desplegaba el hilo del ldap wrapper reaper: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "error al leer desde el wrapper %d de ldap: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "caracter incorrecto 0x%02x en el nombre de host - no añadido\n"
@@ -8027,8 +7960,6 @@ msgid "response from server too large; limit is %d bytes\n"
 msgstr ""
 "la respuesta del servidor es demasiado larga; el límite son los %d bytes\n"
 
-#. For now we do not allow OCSP via Tor due to possible privacy
-#. concerns.  Needs further research.
 msgid "OCSP request not possible due to Tor mode\n"
 msgstr "las consultas OCSP no son posibles a causa del modo Tor\n"
 
@@ -8051,6 +7982,13 @@ msgstr "error al conectar a '%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "error al leer la respuesta HTTP para '%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "URL '%s' redirigida a '%s' (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "demasiadas redirecciones\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "error al leer la respuesta OCSP para '%s': %s\n"
@@ -8656,6 +8594,30 @@ msgstr ""
 "Compara frase contraseña dada en entrada estándar con un fichero de "
 "patrones\n"
 
+#~ msgid "What keysize do you want for the Signature key? (%u) "
+#~ msgstr "¿De qué tamaño quiere la clave de Firmado? (%u) "
+
+#~ msgid "What keysize do you want for the Encryption key? (%u) "
+#~ msgstr "¿De qué tamaño quiere la clave de Cifrado? (%u) "
+
+#~ msgid "What keysize do you want for the Authentication key? (%u) "
+#~ msgstr "¿De qué tamaño quiere la clave de Autenticación? (%u) "
+
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "usando \"http\" en lugar de \"https\"\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "error recurerando '%s': status http %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "ha fallado npth_select: %s - esperando 1s\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "error mientras desplegaba el hilo del ldap wrapper reaper: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "error al leer desde el wrapper %d de ldap: %s\n"
+
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() falló: %s\n"
 
diff --git a/po/et.po b/po/et.po
index c12b6ed6c..e540035a4 100644
--- a/po/et.po
+++ b/po/et.po
@@ -7743,33 +7743,18 @@ msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "liiga palju `%c' eelistusi\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "viga `%s' loomisel: %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "viga `%s' lugemisel: %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8217,10 +8202,6 @@ msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8241,14 +8222,6 @@ msgstr "uuendamine ebaõnnestus: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8316,6 +8289,14 @@ msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "liiga palju `%c' eelistusi\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
@@ -8933,6 +8914,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "viga `%s' lugemisel: %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Millist võtmepikkust te soovite? (1024) "
diff --git a/po/fi.po b/po/fi.po
index ee4085990..717f85b48 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -7804,33 +7804,18 @@ msgstr "avainlohkojen poisto epäonnistui: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "liian monta \"%c\" valintaa\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "virhe luotaessa \"%s\": %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8279,10 +8264,6 @@ msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "salaisen päivitys epäonnistui: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8303,14 +8284,6 @@ msgstr "päivitys epäonnistui: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "avainlohkojen poisto epäonnistui: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8378,6 +8351,14 @@ msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "liian monta \"%c\" valintaa\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
@@ -8995,6 +8976,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "salaisen päivitys epäonnistui: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Minkä kokoisen avaimen haluat? (1024) "
diff --git a/po/fr.po b/po/fr.po
index 3eff8be7a..a8a0a4b3a 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7805,33 +7805,19 @@ msgstr "échec de crl_cache_insert par émetteur : %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "table de projection de lecteur vers fichier pleine — attente\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "utilisation d'« http » au lieu d'« https »\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 "accès à la liste de révocations de certificat impossible car %s est "
 "désactivé\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "erreur d'initialisation de l'objet lecteur : %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "URL « %s » redirigée vers « %s » (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "trop de redirections\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "erreur de récupération de « %s » : %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "erreur de récupération de « %s » : état HTTP %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "erreur d'initialisation de l'objet lecteur : %s\n"
 
 #, fuzzy
 #| msgid "CRL access not possible due to disabled %s\n"
@@ -8264,10 +8250,6 @@ msgstr "erreur d'affichage de ligne du journal : %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "erreur de lecture du journal par l'enveloppe LDAP %d : %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "échec de npth_select : %s — attente 1 s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "enveloppe LDAP %d prête"
@@ -8288,15 +8270,6 @@ msgstr "échec d'attente de l'enveloppe LDAP %d : %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "enveloppe LDAP %d à l'arrêt — le processus va être tué\n"
 
-# NOTE: Incorrectly set as translatable?
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "error spawning ldap wrapper reaper thread: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "échec de lecture par l'enveloppe LDAP %d : %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "caractère 0x%02x incorrect dans le nom d'hôte — non ajouté\n"
@@ -8362,6 +8335,13 @@ msgstr "erreur de connexion à « %s » : %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "erreur de lecture de réponse HTTP pour « %s » : %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "URL « %s » redirigée vers « %s » (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "trop de redirections\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "erreur d'analyse de réponse OCSP pour « %s » : %s\n"
@@ -8983,6 +8963,22 @@ msgstr ""
 "Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
 "ficmotif\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "utilisation d'« http » au lieu d'« https »\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "erreur de récupération de « %s » : état HTTP %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "échec de npth_select : %s — attente 1 s\n"
+
+# NOTE: Incorrectly set as translatable?
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "error spawning ldap wrapper reaper thread: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "échec de lecture par l'enveloppe LDAP %d : %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr ""
 #~ "Quelle taille de clef désirez-vous pour la clef de signature ? (%u) "
diff --git a/po/gl.po b/po/gl.po
index 08f5eb5d2..51120cbfb 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -7829,33 +7829,18 @@ msgstr "fallou o borrado do bloque de chaves: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "demasiadas preferencias `%c'\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "erro ao crear `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "erro lendo `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8305,10 +8290,6 @@ msgstr "erro escribindo no chaveiro `%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "o segredo da actualización fallou: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8329,14 +8310,6 @@ msgstr "a actualización fallou: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "fallou o borrado do bloque de chaves: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8404,6 +8377,14 @@ msgstr "erro escribindo no chaveiro `%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "erro lendo `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "demasiadas preferencias `%c'\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
@@ -9024,6 +9005,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "erro lendo `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "o segredo da actualización fallou: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "fallou o borrado do bloque de chaves: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "¿Qué tamaño de chave quere? (1024) "
diff --git a/po/hu.po b/po/hu.po
index 96d6f6cfb..9281c1d41 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -7773,33 +7773,18 @@ msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "Túl sok \"%c\" preferencia.\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "Hiba \"%s\" létrehozásakor: %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "Hiba \"%s\" olvasásakor: %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8247,10 +8232,6 @@ msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8271,14 +8252,6 @@ msgstr "Frissítés sikertelen: %s.\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "A kulcsblokk törlése sikertelen: %s.\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8346,6 +8319,14 @@ msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "Túl sok \"%c\" preferencia.\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
@@ -8963,6 +8944,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Milyen kulcsméretet szeretne? (1024) "
diff --git a/po/id.po b/po/id.po
index 8e06be249..bc605ff1f 100644
--- a/po/id.po
+++ b/po/id.po
@@ -7766,33 +7766,18 @@ msgstr "gagal menghapus keyblok: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: kesalahan menulis dir record: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "terlalu banyak preferensi `%c'\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "kesalahan penciptaan : `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "kesalahan membaca `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: kesalahan menulis dir record: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8240,10 +8225,6 @@ msgstr "kesalahan menulis keyring `%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "gagal perbarui rahasia: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8264,14 +8245,6 @@ msgstr "gagal memperbarui: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "gagal menghapus keyblok: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8339,6 +8312,14 @@ msgstr "kesalahan menulis keyring `%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "terlalu banyak preferensi `%c'\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
@@ -8956,6 +8937,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "kesalahan membaca `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "gagal perbarui rahasia: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "gagal menghapus keyblok: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Keysize yang anda inginkan? (1024) "
diff --git a/po/it.po b/po/it.po
index 9faa025c9..2358ef55a 100644
--- a/po/it.po
+++ b/po/it.po
@@ -7806,33 +7806,18 @@ msgstr "cancellazione del keyblock fallita: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: errore durante la scrittura del dir record: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "ci sono troppe preferenze `%c'\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "errore creando `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "errore leggendo `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: errore durante la scrittura del dir record: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8281,10 +8266,6 @@ msgstr "errore scrivendo il portachiavi `%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "errore leggendo `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "aggiornamento della chiave segreta fallito: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8305,14 +8286,6 @@ msgstr "aggiornamento fallito: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "cancellazione del keyblock fallita: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8380,6 +8353,14 @@ msgstr "errore scrivendo il portachiavi `%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "errore leggendo `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "ci sono troppe preferenze `%c'\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "errore leggendo `%s': %s\n"
@@ -8997,6 +8978,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "errore leggendo `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "aggiornamento della chiave segreta fallito: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "cancellazione del keyblock fallita: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Di che dimensioni vuoi la chiave? (1024) "
diff --git a/po/ja.po b/po/ja.po
index d80506696..d2b4c7e8c 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -1195,8 +1195,7 @@ msgstr "*警告*: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
-"注意: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれませ"
-"ん。\n"
+"注意: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれません。\n"
 
 #, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
@@ -2350,7 +2349,8 @@ msgstr "'%s'は有効な鍵ID, フィンガープリント、keygripではない
 
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
-"*警告*: コマンドが指定されていません。なにを意味しているのか当ててみます ...\n"
+"*警告*: コマンドが指定されていません。なにを意味しているのか当ててみま"
+"す ...\n"
 
 msgid "Go ahead and type your message ...\n"
 msgstr "開始します。メッセージを打ってください ...\n"
@@ -7228,31 +7228,17 @@ msgstr "発行者からcrl_cache_insertが失敗しました: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "readerからファイル・マッピングのテーブルがいっぱいです - 待ちます\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "\"http\" を \"https\" の代わりに使います\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "CRLアクセスは停止された%sのため不可能です\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "リーダ・オブジェクトの初期化エラー: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "URL'%s' は '%s' (%u) へリダイレクトされました\n"
-
-msgid "too many redirections\n"
-msgstr "リダイレクトが多すぎます\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "'%s'を取得する際のエラー: %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "'%s'の取得エラー: httpステイタス %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "リーダ・オブジェクトの初期化エラー: %s\n"
 
 msgid "CRL access not possible due to Tor mode\n"
 msgstr "CRLアクセスはTorモードのため不可能です\n"
@@ -7667,10 +7653,6 @@ msgstr "log出力エラー: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "ldap wrapper %dからのログの読み込みエラー: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "npth_selectに失敗しました: %s - 一秒待ちます\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "ldap wrapper %d が準備完了"
@@ -7691,14 +7673,6 @@ msgstr "ldap wrapper %dの待ちが失敗: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap wrapper %d が止まりました - killしています\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "ldap wrapperのスレッドの起動でエラー: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "ldap wrapper %d からの読み込みに失敗しました: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "ホスト名に無効な文字 0x%02x - 加えません\n"
@@ -7762,6 +7736,13 @@ msgstr "'%s'の接続エラー: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "'%s'のHTTP応答の読み込みエラー: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "URL'%s' は '%s' (%u) へリダイレクトされました\n"
+
+msgid "too many redirections\n"
+msgstr "リダイレクトが多すぎます\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "'%s'に対するOCSP応答構文解析エラー: %s\n"
@@ -8351,6 +8332,21 @@ msgstr ""
 "形式: gpg-check-pattern [オプション] パターンファイル\n"
 "パターンファイルに対して標準入力のパスフレーズを確認する\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "\"http\" を \"https\" の代わりに使います\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "'%s'の取得エラー: httpステイタス %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "npth_selectに失敗しました: %s - 一秒待ちます\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "ldap wrapperのスレッドの起動でエラー: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "ldap wrapper %d からの読み込みに失敗しました: %s\n"
+
 #~ msgid "No change."
 #~ msgstr "変更なし。"
 
diff --git a/po/nb.po b/po/nb.po
index a44b539fc..c6694e7e5 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -7365,31 +7365,17 @@ msgstr "crl_cache_insert via utsteder mislyktes: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "tilknytningstabell for overføring fra leser til fil er full. Venter\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "bruker «http» i stedet for «https»\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "Ingen CRL-tilgang fordi %s er slått av\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "feil under innlasting av leserobjekt: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "Videresendt fra adresse «%s» til «%s» (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "for mange videresendinger\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "feil under henting av «%s»: %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "feil under henting av «%s»: http-status %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "feil under innlasting av leserobjekt: %s\n"
 
 msgid "CRL access not possible due to Tor mode\n"
 msgstr "Ingen CRL-tilgang i Tor-modus\n"
@@ -7804,10 +7790,6 @@ msgstr "feil under utskrift av logglinje: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "feil under lesing av logg fra ldap-grensesnitt %d: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "npth_select mislyktes: %s - venter 1s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "ldap-grensesnitt %d klart"
@@ -7828,14 +7810,6 @@ msgstr "venting på ldap-grensesnitt %d mislyktes: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap-grensesnitt %d steilet - dreper prosess\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "feil under oppbygging av «reaper»-tråd for ldap-grensesnitt: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "lesing fra ldap-grensesnitt %d mislyktes: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "vertsnavn inneholder ugyldig tegn 0x%02x, og ble ikke lagt til\n"
@@ -7899,6 +7873,13 @@ msgstr "feil under tilkobling til «%s»: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "feil under lesing av HTTP-svar for «%s»: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "Videresendt fra adresse «%s» til «%s» (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "for mange videresendinger\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "feil under tolking av OCSP-svar for «%s»: %s\n"
@@ -8488,6 +8469,21 @@ msgstr ""
 "Syntaks: gpg-check-pattern [valg] mønsterfil\n"
 "Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "bruker «http» i stedet for «https»\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "feil under henting av «%s»: http-status %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "npth_select mislyktes: %s - venter 1s\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "feil under oppbygging av «reaper»-tråd for ldap-grensesnitt: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "lesing fra ldap-grensesnitt %d mislyktes: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Hvor stor skal signaturnøkkelen være? (%u) "
 
diff --git a/po/pl.po b/po/pl.po
index 3079b318e..801cf2efe 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8009,36 +8009,19 @@ msgstr "odbieranie linii nie powiodło się: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: błąd zapisu wpisu katalogowego: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-#| msgid "too many cipher preferences\n"
-msgid "too many redirections\n"
-msgstr "zbyt wiele ustawień szyfru\n"
-
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s': %s\n"
 msgstr "błąd odtwarzania ,,%s'' poprzez %s: %s\n"
 
 #, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
-msgid "error retrieving '%s': http status %u\n"
-msgstr "błąd uruchamiania ,,%s'': kod wyjścia %d\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: błąd zapisu wpisu katalogowego: %s\n"
 
 #, fuzzy
 #| msgid "certificate `%s' not found: %s\n"
@@ -8540,11 +8523,6 @@ msgstr "błąd zapisu do %s: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "błąd odczytu z %s: %s\n"
 
-#, fuzzy, c-format
-#| msgid "pth_select failed: %s - waiting 1s\n"
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "pth_select nie powiodło się: %s - czekanie 1s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8566,15 +8544,6 @@ msgstr "oczekiwanie na zakończenie procesu %d nie powiodło się: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8652,6 +8621,15 @@ msgstr "błąd zapisu do ,,%s'': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "błąd odczytu z %s: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "too many cipher preferences\n"
+msgid "too many redirections\n"
+msgstr "zbyt wiele ustawień szyfru\n"
+
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error parsing OCSP response for '%s': %s\n"
@@ -9327,6 +9305,21 @@ msgstr ""
 "Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
 "Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
 
+#, fuzzy
+#~| msgid "error running `%s': exit status %d\n"
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "błąd uruchamiania ,,%s'': kod wyjścia %d\n"
+
+#, fuzzy
+#~| msgid "pth_select failed: %s - waiting 1s\n"
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "pth_select nie powiodło się: %s - czekanie 1s\n"
+
+#, fuzzy
+#~| msgid "reading public key failed: %s\n"
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Jakiej długości klucz do podpisywania wygenerować? (%u) "
 
diff --git a/po/pt.po b/po/pt.po
index 864a1f719..91b384f30 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7773,33 +7773,18 @@ msgstr "remoção do bloco de chave falhou: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: erro ao escrever registo de diretório: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "demasiadas preferências `%c'\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "erro ao criar `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "erro na leitura de `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: erro ao escrever registo de diretório: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8249,10 +8234,6 @@ msgstr "erro na escrita do porta-chaves `%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "actualização da chave secreta falhou: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8273,14 +8254,6 @@ msgstr "actualização falhou: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "remoção do bloco de chave falhou: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8348,6 +8321,14 @@ msgstr "erro na escrita do porta-chaves `%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "demasiadas preferências `%c'\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
@@ -8965,6 +8946,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "erro na leitura de `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "actualização da chave secreta falhou: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "remoção do bloco de chave falhou: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Qual o tamanho de chave desejado? (1024) "
diff --git a/po/ro.po b/po/ro.po
index 3aeaebb49..66d84e2bc 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -7835,34 +7835,18 @@ msgstr "citirea cheii publice a eşuat: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: eroare scriere înregistrare dir: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-#| msgid "too many cipher preferences\n"
-msgid "too many redirections\n"
-msgstr "prea multe preferinţe de cifrare\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "eroare la creearea `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "eroare la citire `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: eroare scriere înregistrare dir: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8324,10 +8308,6 @@ msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "actualizarea secretului a eşuat: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8348,15 +8328,6 @@ msgstr "actualizarea a eşuat: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "citirea cheii publice a eşuat: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8426,6 +8397,15 @@ msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "too many cipher preferences\n"
+msgid "too many redirections\n"
+msgstr "prea multe preferinţe de cifrare\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
@@ -9047,6 +9027,19 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "eroare la citire `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "actualizarea secretului a eşuat: %s\n"
+
+#, fuzzy
+#~| msgid "reading public key failed: %s\n"
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "citirea cheii publice a eşuat: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Ce lungime de cheie doriţi? (%u) "
diff --git a/po/ru.po b/po/ru.po
index fca3be7ae..654b5a766 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -7492,33 +7492,19 @@ msgstr "сбой crl_cache_insert через издателя: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "ожидание ресурсов для объекта чтения\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "используется \"http\" вместо \"https\"\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 "Доступ к списку отозванных сертификатов невозможен\n"
 "из-за того, что не задействуется %s\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "ошибка инициализации объекта устройства чтения: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "URL '%s' перенаправлен на '%s' (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "слишком много перенаправлений\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "ошибка получения '%s': %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "ошибка получения '%s': статус HTTP %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "ошибка инициализации объекта устройства чтения: %s\n"
 
 msgid "CRL access not possible due to Tor mode\n"
 msgstr ""
@@ -7942,10 +7928,6 @@ msgstr "ошибка вывода строки журнала: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "ошибка чтения журнала из обертки LDAP %d: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "сбой npth_select: %s - жду 1 секунду\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "обертка LDAP %d готова"
@@ -7966,14 +7948,6 @@ msgstr "сбой при ожидании обертки LDAP %d: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "обертка LDAP %d зависла - будет удалена\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "ошибка при запуске прерывающего потока управления обертки LDAP: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "сбой при чтении из обертки LDAP %d: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "недопустимый символ 0x%02x в имени хоста - не добавляется\n"
@@ -8037,6 +8011,13 @@ msgstr "ошибка соединения с '%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "ошибка чтения ответа HTTP для '%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "URL '%s' перенаправлен на '%s' (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "слишком много перенаправлений\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "ошибка разбора ответа OCSP для '%s': %s\n"
@@ -8630,6 +8611,22 @@ msgstr ""
 "Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
 "Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "используется \"http\" вместо \"https\"\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "ошибка получения '%s': статус HTTP %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "сбой npth_select: %s - жду 1 секунду\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr ""
+#~ "ошибка при запуске прерывающего потока управления обертки LDAP: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "сбой при чтении из обертки LDAP %d: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Какой Вам нужен размер ключа для подписей? (%u) "
 
diff --git a/po/sk.po b/po/sk.po
index 64fc04bdd..b8a267092 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -7797,33 +7797,18 @@ msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-msgid "too many redirections\n"
-msgstr "príliš veľa `%c' predvolieb\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "chyba pri vytváraní `%s': %s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "chyba pri čítaní `%s': %s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8272,10 +8257,6 @@ msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "aktualizácia tajného kľúča zlyhala: %s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8296,14 +8277,6 @@ msgstr "aktualizácia zlyhala: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8371,6 +8344,14 @@ msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+msgid "too many redirections\n"
+msgstr "príliš veľa `%c' predvolieb\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
@@ -8988,6 +8969,18 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "chyba pri čítaní `%s': %s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "aktualizácia tajného kľúča zlyhala: %s\n"
+
+#, fuzzy
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Akú veľkosť kľúča si prajete? (1024) "
diff --git a/po/sv.po b/po/sv.po
index 2e3ed3a8a..2c93ebe28 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -8088,36 +8088,19 @@ msgstr "mottagande rad misslyckades: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: fel vid läsning av katalogpost: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-#| msgid "too many cipher preferences\n"
-msgid "too many redirections\n"
-msgstr "för många chifferinställningar\n"
-
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s': %s\n"
 msgstr "fel vid hämtning av \"%s\" via %s: %s\n"
 
 #, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
-msgid "error retrieving '%s': http status %u\n"
-msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: fel vid läsning av katalogpost: %s\n"
 
 #, fuzzy
 #| msgid "certificate `%s' not found: %s\n"
@@ -8622,11 +8605,6 @@ msgstr "fel vid skrivning till %s: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "fel vid läsning från %s: %s\n"
 
-#, fuzzy, c-format
-#| msgid "pth_select failed: %s - waiting 1s\n"
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "pth_select misslyckades: %s - väntar 1 s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8648,15 +8626,6 @@ msgstr "misslyckades med att vänta på att processen %d skulle avslutas: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "läsning av publik nyckel misslyckades: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8734,6 +8703,15 @@ msgstr "fel vid skrivning till \"%s\": %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "fel vid läsning från %s: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "too many cipher preferences\n"
+msgid "too many redirections\n"
+msgstr "för många chifferinställningar\n"
+
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error parsing OCSP response for '%s': %s\n"
@@ -9408,6 +9386,21 @@ msgstr ""
 "Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
 "Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
 
+#, fuzzy
+#~| msgid "error running `%s': exit status %d\n"
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
+
+#, fuzzy
+#~| msgid "pth_select failed: %s - waiting 1s\n"
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "pth_select misslyckades: %s - väntar 1 s\n"
+
+#, fuzzy
+#~| msgid "reading public key failed: %s\n"
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "läsning av publik nyckel misslyckades: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Vilken nyckelstorlek vill du använda för signaturnyckeln? (%u) "
 
diff --git a/po/tr.po b/po/tr.po
index 207c36ecd..4b41e971f 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -7990,36 +7990,19 @@ msgstr "satır alımı başarısız: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s: dizin kaydını yazma hatası: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-#| msgid "too many cipher preferences\n"
-msgid "too many redirections\n"
-msgstr "çok fazla şifreleme tercihi\n"
-
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s': %s\n"
 msgstr "`%s' %s üzerinden alınırken hata: %s\n"
 
 #, fuzzy, c-format
-#| msgid "error running `%s': exit status %d\n"
-msgid "error retrieving '%s': http status %u\n"
-msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s: dizin kaydını yazma hatası: %s\n"
 
 #, fuzzy
 #| msgid "certificate `%s' not found: %s\n"
@@ -8521,11 +8504,6 @@ msgstr "%s yazılırken hata: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "%s okunurken hata: %s\n"
 
-#, fuzzy, c-format
-#| msgid "pth_select failed: %s - waiting 1s\n"
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "pth_select başarısız: %s - 1s bekliyor\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8547,15 +8525,6 @@ msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "genel anahtar okuması başarısız: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8633,6 +8602,15 @@ msgstr "`%s' yazılırken hata: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "%s okunurken hata: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "too many cipher preferences\n"
+msgid "too many redirections\n"
+msgstr "çok fazla şifreleme tercihi\n"
+
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error parsing OCSP response for '%s': %s\n"
@@ -9309,6 +9287,21 @@ msgstr ""
 "Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
 "karşılaştırır\n"
 
+#, fuzzy
+#~| msgid "error running `%s': exit status %d\n"
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
+
+#, fuzzy
+#~| msgid "pth_select failed: %s - waiting 1s\n"
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "pth_select başarısız: %s - 1s bekliyor\n"
+
+#, fuzzy
+#~| msgid "reading public key failed: %s\n"
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "genel anahtar okuması başarısız: %s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "İstediğiniz anahtar uzunluğu nedir? (%u) "
diff --git a/po/uk.po b/po/uk.po
index 5b49c292d..9fa141030 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -7608,31 +7608,17 @@ msgstr "помилка crl_cache_insert за видавцем: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "засіб читання до таблиці відповідності файлів переповнено — очікуємо\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "використовуємо «http» замість «https»\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "Доступ до CRL неможливий через вимкнений %s\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "помилка під час спроби ініціалізації об’єкта читання: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "Адресу «%s» переспрямовано до «%s» (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "занадто багато переспрямувань\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "помилка отримання «%s»: %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "помилка отримання «%s»: стан http %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "помилка під час спроби ініціалізації об’єкта читання: %s\n"
 
 msgid "CRL access not possible due to Tor mode\n"
 msgstr "Доступ до CRL неможливий через увімкнений режим Tor\n"
@@ -8051,10 +8037,6 @@ msgstr "помилка під час спроби виводу рядка жур
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "помилка під час спроби читання журналу з обгортки LDAP %d: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "помилка npth_select: %s — очікування у 1 с\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "обгортка LDAP %d готова"
@@ -8075,15 +8057,6 @@ msgstr "очікування даних з обгортки LDAP %d зазнал
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "обгортка LDAP %d не відповідає — завершуємо роботу\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-"помилка під час спроби породження потоку обгортки отримання даних LDAP: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "спроба читання з обгортки LDAP %d зазнала невдачі: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "некоректний символ 0x%02x у назві вузла — не додано\n"
@@ -8147,6 +8120,13 @@ msgstr "помилка під час спроби встановлення з’
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "помилка під час спроби читання відповіді за HTTP для «%s»: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "Адресу «%s» переспрямовано до «%s» (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "занадто багато переспрямувань\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "помилка під час обробки відповіді за OCSP для «%s»: %s\n"
@@ -8740,6 +8720,23 @@ msgstr ""
 "Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
 "Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "використовуємо «http» замість «https»\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "помилка отримання «%s»: стан http %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "помилка npth_select: %s — очікування у 1 с\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr ""
+#~ "помилка під час спроби породження потоку обгортки отримання даних LDAP: "
+#~ "%s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "спроба читання з обгортки LDAP %d зазнала невдачі: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Якому розміру ключа підписування ви надаєте перевагу? (%u) "
 
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 2d540fe20..e425ca8bd 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -7662,34 +7662,18 @@ msgstr "无法读出公钥：%s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr ""
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr ""
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr ""
 
-#, fuzzy, c-format
-#| msgid "%s: error writing dir record: %s\n"
-msgid "error initializing reader object: %s\n"
-msgstr "%s：写入目录记录时出错：%s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr ""
-
-#, fuzzy
-#| msgid "too many cipher preferences\n"
-msgid "too many redirections\n"
-msgstr "太多对称加密算法首选项\n"
-
 #, fuzzy, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "建立‘%s’时发生错误：%s\n"
 
 #, fuzzy, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "读取‘%s’时出错：%s\n"
+#| msgid "%s: error writing dir record: %s\n"
+msgid "error initializing reader object: %s\n"
+msgstr "%s：写入目录记录时出错：%s\n"
 
 #, fuzzy
 msgid "CRL access not possible due to Tor mode\n"
@@ -8147,10 +8131,6 @@ msgstr "写入钥匙环‘%s’时出错： %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "读取‘%s’时出错：%s\n"
 
-#, fuzzy, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "更新私钥失败：%s\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr ""
@@ -8171,15 +8151,6 @@ msgstr "更新失败：%s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr ""
-
-#, fuzzy, c-format
-#| msgid "reading public key failed: %s\n"
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "无法读出公钥：%s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
@@ -8249,6 +8220,15 @@ msgstr "写入钥匙环‘%s’时出错： %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "读取‘%s’时出错：%s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "too many cipher preferences\n"
+msgid "too many redirections\n"
+msgstr "太多对称加密算法首选项\n"
+
 #, fuzzy, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "在‘%s’中寻找信任度记录时出错：%s\n"
@@ -8868,6 +8848,19 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#, fuzzy
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "读取‘%s’时出错：%s\n"
+
+#, fuzzy
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "更新私钥失败：%s\n"
+
+#, fuzzy
+#~| msgid "reading public key failed: %s\n"
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "无法读出公钥：%s\n"
+
 #, fuzzy
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "您想要用多大的密钥尺寸？(%u)"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 3ffd826ae..6b2c4de3d 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7381,31 +7381,17 @@ msgstr "經由發行者的 crl_cache_insert 失敗: %s\n"
 msgid "reader to file mapping table full - waiting\n"
 msgstr "讀取程式至檔案映射表已滿 - 正在等待\n"
 
-msgid "using \"http\" instead of \"https\"\n"
-msgstr "正改以 \"http\" 代替 \"https\"\n"
-
 #, c-format
 msgid "CRL access not possible due to disabled %s\n"
 msgstr "不可能存取 CRL 因已停用 %s\n"
 
-#, c-format
-msgid "error initializing reader object: %s\n"
-msgstr "啟始讀取程式物件時出錯: %s\n"
-
-#, c-format
-msgid "URL '%s' redirected to '%s' (%u)\n"
-msgstr "網址 '%s' 重新轉向至 '%s' (%u)\n"
-
-msgid "too many redirections\n"
-msgstr "太多重新導向\n"
-
 #, c-format
 msgid "error retrieving '%s': %s\n"
 msgstr "取回 '%s' 時出錯: %s\n"
 
 #, c-format
-msgid "error retrieving '%s': http status %u\n"
-msgstr "取回 '%s' 時出錯: http 狀態 %u\n"
+msgid "error initializing reader object: %s\n"
+msgstr "啟始讀取程式物件時出錯: %s\n"
 
 #, fuzzy
 #| msgid "CRL access not possible due to disabled %s\n"
@@ -7821,10 +7807,6 @@ msgstr "印出日誌記錄列時出錯: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "從 ldap 封裝程式 %d 讀取日誌記錄時出錯: %s\n"
 
-#, c-format
-msgid "npth_select failed: %s - waiting 1s\n"
-msgstr "npth_select 失敗: %s - 等 1 秒鐘\n"
-
 #, c-format
 msgid "ldap wrapper %d ready"
 msgstr "ldap 封裝程式 %d 準備妥當"
@@ -7845,14 +7827,6 @@ msgstr "等候 ldap 封裝程式 %d 時失敗: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap 封裝程式 %d 已卡住 - 正在中止\n"
 
-#, c-format
-msgid "error spawning ldap wrapper reaper thread: %s\n"
-msgstr "繁衍 ldap 封裝程式收割執行緒時出錯: %s\n"
-
-#, c-format
-msgid "reading from ldap wrapper %d failed: %s\n"
-msgstr "從 ldap 封裝程式 %d 讀取時失敗: %s\n"
-
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "主機名稱中有無效的字符 0x%02x - 不予加入\n"
@@ -7918,6 +7892,13 @@ msgstr "連線至 '%s' 時出錯: %s\n"
 msgid "error reading HTTP response for '%s': %s\n"
 msgstr "讀取 '%s' HTTP 回應時出錯: %s\n"
 
+#, c-format
+msgid "URL '%s' redirected to '%s' (%u)\n"
+msgstr "網址 '%s' 重新轉向至 '%s' (%u)\n"
+
+msgid "too many redirections\n"
+msgstr "太多重新導向\n"
+
 #, c-format
 msgid "error parsing OCSP response for '%s': %s\n"
 msgstr "剖析 '%s' OCSP 回應時出錯: %s\n"
@@ -8524,6 +8505,21 @@ msgstr ""
 "語法: gpg-check-pattern [選項] 樣式檔案\n"
 "用樣式檔案來檢查由標準輸入給定的密語\n"
 
+#~ msgid "using \"http\" instead of \"https\"\n"
+#~ msgstr "正改以 \"http\" 代替 \"https\"\n"
+
+#~ msgid "error retrieving '%s': http status %u\n"
+#~ msgstr "取回 '%s' 時出錯: http 狀態 %u\n"
+
+#~ msgid "npth_select failed: %s - waiting 1s\n"
+#~ msgstr "npth_select 失敗: %s - 等 1 秒鐘\n"
+
+#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
+#~ msgstr "繁衍 ldap 封裝程式收割執行緒時出錯: %s\n"
+
+#~ msgid "reading from ldap wrapper %d failed: %s\n"
+#~ msgstr "從 ldap 封裝程式 %d 讀取時失敗: %s\n"
+
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "你的簽署金鑰想要用多大的金鑰尺寸? (%u) "
 
-- 
cgit v1.2.3


From 0afa5e158ada716d65046f1567fa14e7c24d0439 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 21:33:41 +0200
Subject: speedo,w32: Install dirmmngr_ldap.exe.

--
---
 build-aux/speedo/w32/inst.nsi | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index df08fb074..fb452d513 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -625,6 +625,7 @@ Section "GnuPG" SEC_gnupg
   File "bin/gpgconf.exe"
   File "bin/gpg-connect-agent.exe"
   File "bin/gpgtar.exe"
+  File "libexec/dirmngr_ldap.exe"
   File "libexec/gpg-preset-passphrase.exe"
   File "libexec/gpg-wks-client.exe"
 
@@ -1312,6 +1313,7 @@ Section "-un.gnupg"
   Delete "$INSTDIR\bin\gpgconf.exe"
   Delete "$INSTDIR\bin\gpg-connect-agent.exe"
   Delete "$INSTDIR\bin\gpgtar.exe"
+  Delete "$INSTDIR\bin\dirmngr_ldap.exe"
   Delete "$INSTDIR\bin\gpg-preset-passphrase.exe"
   Delete "$INSTDIR\bin\gpg-wks-client.exe"
 
-- 
cgit v1.2.3


From d31d149196832ed6b8849017d8bcd0852c6ca96c Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 20:58:19 +0200
Subject: Release 2.2.7

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 NEWS | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index e5f088b18..066c36cce 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Noteworthy changes in version 2.2.7 (unreleased)
+Noteworthy changes in version 2.2.7 (2018-05-02)
 ------------------------------------------------
 
   * gpg: New option --no-symkey-cache to disable the passphrase cache
@@ -11,10 +11,9 @@ Noteworthy changes in version 2.2.7 (unreleased)
 
   * gpg: Add a status flag to "sig" lines printed with --list-sigs.
 
-  * ssh: Return an error for unknown ssh-agent flags.  [#3880]
+  * gpg: Fix "Too many open files" when using --multifile.  [#3951]
 
-  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
-    debugging.
+  * ssh: Return an error for unknown ssh-agent flags.  [#3880]
 
   * dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
     caches under Windows.  [#2448,#3923]
@@ -24,6 +23,19 @@ Noteworthy changes in version 2.2.7 (unreleased)
 
   * dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
 
+  * dirmngr: Fallback to CRL if no default OCSP responder is configured.
+
+  * dirmngr: Implement CRL fetching via https.  Here a redirection to
+    http is explictly allowed.
+
+  * dirmngr: Make LDAP searching and CRL fetching work under Windows.
+    This stopped working with 2.1.  [#3937]
+
+  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
+    debugging.
+
+  See-also: gnupg-announce/2018q2/000422.html
+
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
 ------------------------------------------------
-- 
cgit v1.2.3


From 2e2ab4b69c324c6e324780bbe73a0d2f8ea86e09 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 May 2018 22:02:40 +0200
Subject: Post release updates

--
---
 NEWS         | 4 ++++
 configure.ac | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 066c36cce..0de8d0b14 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.2.8 (unreleased)
+------------------------------------------------
+
+
 Noteworthy changes in version 2.2.7 (2018-05-02)
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index e94bd30c4..59a2e6084 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
 m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [7])
+m4_define([mym4_micro], [8])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release
-- 
cgit v1.2.3


From ed12a1dabaf928e8620fc26ca426c935e1a8a880 Mon Sep 17 00:00:00 2001
From: Ineiev <ineiev@gnu.org>
Date: Sun, 6 May 2018 05:58:23 +0000
Subject: doc: Update description of displayed trust values.

* doc/trust-values.texi: New file.
* doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
* doc/gnupg.texi (Trust Values): New chapter.
* doc/gpg.texi (OpenPGP Key Management): Update the description
of how trust values are displayed, replace table with a reference
to Trust Values.
* doc/gpg.texi (GPG Examples): Add @mansect trust values.

--

Signed-off-by: Ineiev <ineiev@gnu.org>
---
 doc/Makefile.am       |  3 ++-
 doc/gnupg.texi        |  6 ++++++
 doc/gpg.texi          | 41 ++++++++++-------------------------------
 doc/trust-values.texi | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 65 insertions(+), 32 deletions(-)
 create mode 100644 doc/trust-values.texi

diff --git a/doc/Makefile.am b/doc/Makefile.am
index a857c8e6e..d47d83ede 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -49,7 +49,8 @@ EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
              gnupg-card-architecture.png gnupg-card-architecture.pdf \
              FAQ gnupg7.texi mkdefsinc.c defsincdate \
              opt-homedir.texi see-also-note.texi specify-user-id.texi \
-	     gpgv.texi yat2m.c ChangeLog-2011 whats-new-in-2.1.txt
+	     gpgv.texi yat2m.c ChangeLog-2011 whats-new-in-2.1.txt \
+             trust-values.texi
 
 BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \
                 gnupg-card-architecture.png gnupg-card-architecture.pdf \
diff --git a/doc/gnupg.texi b/doc/gnupg.texi
index 7154fc841..336414870 100644
--- a/doc/gnupg.texi
+++ b/doc/gnupg.texi
@@ -140,6 +140,7 @@ the administration and the architecture.
 * Invoking GPGSM::      Using the S/MIME protocol.
 * Invoking SCDAEMON::   How to handle Smartcards.
 * Specify a User ID::   How to Specify a User Id.
+* Trust Values::        How GnuPG displays trust values.
 
 * Helper Tools::        Description of small helper tools
 * Web Key Service::     Tools for the Web Key Service
@@ -179,6 +180,11 @@ the administration and the architecture.
 @anchor{how-to-specify-a-user-id}
 @include specify-user-id.texi
 
+@node Trust Values
+@chapter Trust Values
+@anchor{trust-values}
+@cindex trust values
+@include trust-values.texi
 
 @include tools.texi
 @include wks.texi
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 2888050a7..805a01fc3 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1040,38 +1040,13 @@ signing.
 
 @c man:.RS
 The listing shows you the key with its secondary keys and all user
-ids.  The primary user id is indicated by a dot, and selected keys or
-user ids are indicated by an asterisk.  The trust
-value is displayed with the primary key: the first is the assigned owner
-trust and the second is the calculated trust value. Letters are used for
-the values:
+IDs.  The primary user ID is indicated by a dot, and selected keys or
+user IDs are indicated by an asterisk.  The trust
+value is displayed with the primary key: "trust" is the assigned owner
+trust and "validity" is the calculated validity of the key.  Validity
+values are also displayed for all user IDs.
+For possible values of trust, @pxref{trust-values}.
 @c man:.RE
-
-@table @asis
-
-  @item -
-  No ownertrust assigned / not yet calculated.
-
-  @item e
-  Trust
-  calculation has failed; probably due to an expired key.
-
-  @item q
-  Not enough information for calculation.
-
-  @item n
-  Never trust this key.
-
-  @item m
-  Marginally trusted.
-
-  @item f
-  Fully trusted.
-
-  @item u
-  Ultimately trusted.
-
-@end table
 @c ******** End Edit-key Options **********
 
 @item --sign-key @var{name}
@@ -3798,6 +3773,10 @@ which is equivalent to
 imports only the user ids of a key containing the strings "Alfa"
 or "Alpha" but not the string "test".
 
+@mansect trust values
+@ifset isman
+@include trust-values.texi
+@end ifset
 
 @mansect return value
 @chapheading RETURN VALUE
diff --git a/doc/trust-values.texi b/doc/trust-values.texi
new file mode 100644
index 000000000..634a784fc
--- /dev/null
+++ b/doc/trust-values.texi
@@ -0,0 +1,47 @@
+@c Copyright (C) 2018 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+Trust values are used to indicate ownertrust and validity of keys and
+user IDs.  They are displayed with letters or strings:
+
+@table @asis
+
+  @item -
+  @itemx unknown
+  No ownertrust assigned / not yet calculated.
+
+  @item e
+  @itemx expired
+
+  Trust calculation has failed; probably due to an expired key.
+
+  @item q
+  @itemx undefined, undef
+  Not enough information for calculation.
+
+  @item n
+  @itemx never
+  Never trust this key.
+
+  @item m
+  @itemx marginal
+  Marginally trusted.
+
+  @item f
+  @itemx full
+  Fully trusted.
+
+  @item u
+  @itemx ultimate
+  Ultimately trusted.
+
+  @item r
+  @itemx revoked
+  For validity only: the key or the user ID has been revoked.
+
+  @item ?
+  @itemx err
+  The program encountered an unknown trust value.
+
+@end table
-- 
cgit v1.2.3


From 1ced88edf4ce7aeb13f9d962645957ba9fa0d635 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Sun, 13 May 2018 13:21:57 +0200
Subject: doc: Fix URL in NEWS.

--
---
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 0de8d0b14..bf1ca41de 100644
--- a/NEWS
+++ b/NEWS
@@ -38,7 +38,7 @@ Noteworthy changes in version 2.2.7 (2018-05-02)
   * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
     debugging.
 
-  See-also: gnupg-announce/2018q2/000422.html
+  See-also: gnupg-announce/2018q2/000424.html
 
 
 Noteworthy changes in version 2.2.6 (2018-04-09)
-- 
cgit v1.2.3