4 files changed, 36 insertions, 19 deletions

diff --git a/NEWS b/NEWS
index 07358829..82f403c4 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Noteworthy changes in version 1.8.1 (unreleased)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  gpgme_strerror_r            CHANGED: Use gpgme_error_t (compatible type).
  gpgme_data_set_flag         CHANGED: Return gpgme_error_t (compatible type).
+ gpgme_op_createkey          CHANGED: Meaning of 'expire' parameter.
+ gpgme_op_createsubkey       CHANGED: Meaning of 'expire' parameter.
+ GPGME_CREATE_NOEXPIRE       NEW.
  cpp: Context::revUid(const Key&, const char*)      NEW.
  cpp: Context::startRevUid(const Key&, const char*) NEW.
  cpp: Context::addUid(const Key&, const char*)      NEW.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index e058fba6..c088cfed 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3612,13 +3612,14 @@ primary key plus a secondary key (subkey).
 
 @var{reserved} must be set to zero.
 
-@var{expires} can be set to the number of seconds since Epoch of the
-desired expiration date in UTC for the new key.   Using 0 does not
-set an expiration date.  Note that this parameter takes an unsigned long
-value and not a @code{time_t} to avoid problems on systems which use a
-signed 32 bit @code{time_t}.  Note further that the OpenPGP protocol
-uses 32 bit values for timestamps and thus can only encode dates up to
-the year 2106.
+@var{expires} specifies the expiration time in seconds.  If you supply
+0, a reasonable expiration time is chosen.  Use the flag
+@code{GPGME_CREATE_NOEXPIRE} to create keys that do not expire.  Note
+that this parameter takes an unsigned long value and not a
+@code{time_t} to avoid problems on systems which use a signed 32 bit
+@code{time_t}.  Note further that the OpenPGP protocol uses 32 bit
+values for timestamps and thus can only encode dates up to the year
+2106.
 
 @var{extrakey} is currently not used and must be set to @code{NULL}.
 A future version of GPGME may use this parameter to create X.509 keys.
@@ -3660,6 +3661,9 @@ The engine does not allow the creation of a key with a user ID
 already existing in the local key database.  This flag can be used to
 override this check.
 
+@item GPGME_CREATE_NOEXPIRE
+Request generation of keys that do not expire.
+
 @end table
 
 After the operation completed successfully, information about the
@@ -3719,13 +3723,14 @@ able to already handle such future algorithms.
 
 @var{reserved} must be set to zero.
 
-@var{expires} can be set to the number of seconds since Epoch of the
-desired expiration date in UTC for the new subkey.   Using 0 does not
-set an expiration date.  Note that this parameter takes an unsigned long
-value and not a @code{time_t} to avoid problems on systems which use a
-signed 32 bit @code{time_t}.  Note further that the OpenPGP protocol
-uses 32 bit values for timestamps and thus can only encode dates up to
-the year 2106.
+@var{expires} specifies the expiration time in seconds.  If you supply
+0, a reasonable expiration time is chosen.  Use the flag
+@code{GPGME_CREATE_NOEXPIRE} to create keys that do not expire.  Note
+that this parameter takes an unsigned long value and not a
+@code{time_t} to avoid problems on systems which use a signed 32 bit
+@code{time_t}.  Note further that the OpenPGP protocol uses 32 bit
+values for timestamps and thus can only encode dates up to the year
+2106.
 
 @var{flags} takes the same values as described above for
 @code{gpgme_op_createkey}.
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 21ca02a8..34436007 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -2076,7 +2076,8 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg,
   /* This condition is only required to allow the use of gpg < 2.1.16 */
   if (algo
       || (flags & (GPGME_CREATE_SIGN | GPGME_CREATE_ENCR
-                   | GPGME_CREATE_CERT | GPGME_CREATE_AUTH))
+                   | GPGME_CREATE_CERT | GPGME_CREATE_AUTH
+                   | GPGME_CREATE_NOEXPIRE))
       || expires)
     {
       err = add_arg (gpg, algo? algo : "default");
@@ -2090,11 +2091,18 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg,
                     (flags & GPGME_CREATE_AUTH)? " auth":"");
           err = add_arg (gpg, *tmpbuf? tmpbuf : "default");
         }
-      if (!err && expires)
+      if (!err)
         {
-          char tmpbuf[8+20];
-          snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires);
-          err = add_arg (gpg, tmpbuf);
+          if (flags & GPGME_CREATE_NOEXPIRE)
+            err = add_arg (gpg, "never");
+          else if (expires == 0)
+            err = add_arg (gpg, "-");
+          else
+            {
+              char tmpbuf[8+20];
+              snprintf (tmpbuf, sizeof tmpbuf, "seconds=%lu", expires);
+              err = add_arg (gpg, tmpbuf);
+            }
         }
     }
   else
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 7f2d34f7..f76689e7 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1637,6 +1637,7 @@ gpgme_error_t gpgme_op_export_keys (gpgme_ctx_t ctx,
 #define GPGME_CREATE_WANTPUB    (1 << 10) /* Return the public key.    */
 #define GPGME_CREATE_WANTSEC    (1 << 11) /* Return the secret key.    */
 #define GPGME_CREATE_FORCE      (1 << 12) /* Force creation.           */
+#define GPGME_CREATE_NOEXPIRE   (1 << 13) /* Create w/o expiration.    */
 
 /* An object to return result from a key generation.
  * This structure shall be considered read-only and an application