* trustdb.c (validate_keys): Reset the trustdb before checking if we have

any ultimately trusted keys.  This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations.  Noted by Peter Palfrader.

* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.

4 files changed, 20 insertions, 22 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index df26e0730..96a087e37 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,17 @@
+2003-11-29  David Shaw  <[email protected]>
+
+	* trustdb.c (validate_keys): Reset the trustdb before checking if
+	we have any ultimately trusted keys.  This ensures that if we lose
+	all our ultimately trusted keys, we don't leave behind the old
+	validity calculations.  Noted by Peter Palfrader.
+
+	* revoke.c (gen_desig_revoke): Specify in the comment when a
+	designated revocation is generated.
+
+	* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
+	get_seckey_byname2): Remove Elgamal check since we are removing
+	type 20 keys altogether.
+
 2003-11-27  David Shaw  <[email protected]>
 
 	* pkclist.c (build_pk_list): Do not allow an empty PK list in
diff --git a/g10/getkey.c b/g10/getkey.c
index 477ba9e34..72b80ba76 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1055,11 +1055,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
 	ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
 	rc = lookup( &ctx, &kb, 1 );
         if (!rc && sk )
-	  {
-	    sk_from_block ( &ctx, sk, kb );
-	    if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
-	      rc=G10ERR_UNU_SECKEY;
-	  }
+            sk_from_block ( &ctx, sk, kb );
         release_kbnode ( kb );
 	get_seckey_end( &ctx );
     }
@@ -1681,11 +1677,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
         if ( x ) /* mask it down to the actual allowed usage */
             key_usage &= x; 
     }
-
-    /* Type 20 Elgamal keys are not usable. */
-    if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
-      key_usage=0;
-
     pk->pubkey_usage = key_usage;
 
     if ( !key_expire_seen ) {
@@ -1902,13 +1893,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
         if ( x ) /* mask it down to the actual allowed usage */
             key_usage &= x; 
     }
-
-    /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
-       not usable. */
-    if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
-       || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
-      key_usage=0;
-
     subpk->pubkey_usage = key_usage;
     
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
diff --git a/g10/revoke.c b/g10/revoke.c
index 51dfea20a..d33e2f4b7 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -294,7 +294,7 @@ gen_desig_revoke( const char *uname )
 	      goto leave;
 
 	    afx.what = 1;
-	    afx.hdrlines = "Comment: A revocation certificate should follow\n";
+	    afx.hdrlines = "Comment: A designated revocation certificate should follow\n";
 	    iobuf_push_filter( out, armor_filter, &afx );
 
 	    /* create it */
diff --git a/g10/trustdb.c b/g10/trustdb.c
index c9f75b933..95d8c38c5 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1949,6 +1949,10 @@ validate_keys (int interactive)
   stored = new_key_hash_table ();
   used = new_key_hash_table ();
   full_trust = new_key_hash_table ();
+
+  kdb = keydb_new (0);
+  reset_trust_records (kdb,NULL);
+
   /* Fixme: Instead of always building a UTK list, we could just build it
    * here when needed */
   if (!utk_list)
@@ -1957,10 +1961,6 @@ validate_keys (int interactive)
       goto leave;
     }
 
-  kdb = keydb_new (0);
-
-  reset_trust_records (kdb,NULL);
-
   /* mark all UTKs as used and fully_trusted and set validity to
      ultimate */
   for (k=utk_list; k; k = k->next)