* misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing

algorithms.

* keyedit.c (sign_uids): Don't request a signing key to make a
certification.

* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?)  (print_key_flags): Show certify flag.  (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
	
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.

1 files changed, 12 insertions, 4 deletions

diff --git a/g10/getkey.c b/g10/getkey.c
index 4a8438168..07bdfcbd7 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1331,16 +1331,24 @@ parse_key_usage(PKT_signature *sig)
       /* first octet of the keyflags */
       flags=*p;
 
-      if(flags & 3)
+      if(flags & 1)
+	{
+	  key_usage |= PUBKEY_USAGE_CERT;
+	  flags&=~1;
+	}
+
+      if(flags & 2)
 	{
 	  key_usage |= PUBKEY_USAGE_SIG;
-	  flags&=~3;
+	  flags&=~2;
 	}
 
-      if(flags & 12)
+      /* We do not distinguish between encrypting communications and
+	 encrypting storage. */
+      if(flags & (0x04|0x08))
 	{
 	  key_usage |= PUBKEY_USAGE_ENC;
-	  flags&=~12;
+	  flags&=~(0x04|0x08);
 	}
 
       if(flags & 0x20)